The “Recent activity” page shows info about the activity in your Microsoft account, within the last 30 days. This includes any time that you signed in to your account, whether you used a web browser, your phone, an email app, a third-party app, or another method.
For each activity, the Recent activity page lists several things:
Some Internet providers—especially for mobile phone services—might route your activity through a different location. This can make it look like you’ve signed in from somewhere you’re not. If you’re not sure, you can always click an activity you don’t recognize to let us know.
You can click any activity to expand it and see additional details, including:
Different email apps and webmail services use different protocols, or communication formats, to access your account. You might see one or more of the following protocols listed on the Recent activity page:
|Activity description||What it means|
|Successful sign-in||Someone signed in to your Microsoft account with the correct password. (This was probably you!)|
|Security challenge||We detected an unusual sign-in attempt with the correct password. (This might have been you, but we weren’t sure—for example, this might have happened on a new device we didn’t recognize.) To help protect your account, we required an extra security challenge.|
|Incorrect password entered||Someone tried to sign in to your Microsoft account with the wrong password. (This might have been you, if you forgot your password—or it might have been someone else trying to access your account. We didn’t allow this sign-in.)|
|Phone number added
Alternate email added
Identity verification app added
Recovery code added
Phone number deleted
Alternate email deleted
Identity verification app deleted
|A piece of security info for your account was added or deleted. Learn more about security info.|
|All security info marked for removal||All the security info for your account (such as alternate email addresses, phone numbers, and authenticator apps) was scheduled to be removed. Learn more about replacing security info.|
|Account name changed||The name that identifies you in the Microsoft products and services you use has changed.|
|Password changed||Your Microsoft account password was changed. If you didn’t do this, learn how to reset your password.|
|Password reset||Your Microsoft account password was successfully reset.|
Primary alias changed
|An alias is an additional email address that uses the same inbox, contact list, and account settings as the primary alias (email address) for your Microsoft account. Learn more about aliases.|
|Two-step verification turned on|
Two-step verification turned off
|Two-step verification uses two ways to verify your identity whenever you sign in to your Microsoft account. You can turn it on for added account security, or turn it off whenever you want. Learn more about two-step verification.|
|App password created or deleted||App passwords are used for apps or devices that don’t support two-step verification. Learn more about app passwords.|
|Profile info changed||Profile info such as your name, birth date, gender, country/region, or ZIP/postal code was changed. Update your profile info.|
|Account created||A Microsoft account was created.|
You’ll probably recognize most of the account activities listed on your Recent activity page. Even if an activity sounds suspicious at first, you can expand it to see more details and decide whether you remember it. For example, if you accidentally made a typo in your password, you’ll see Incorrect password entered in the list. Or, if you signed in to your account from a mobile phone, you might find that your service provider routed the signal through a cell tower in another city.
But if an activity looks unfamiliar, or if you see an unusual pattern (like multiple sign-in attempts or changes that you’re sure you didn’t make), let us know. We’ll help you make your account more secure to minimize any threats.
If we notice unusual activity on your account, we’ll give you the option to tell us you were responsible for an activity, and we’ll keep track of that info going forward. For example, if you sign in from a new location that happens to be the hotel you’re staying at on a business trip, we’ll add that location to the list of places we expect you might sign in from in the future.
When you tell us that you don’t recognize an activity, it’s possible that a hacker or a malicious user has gotten access to your account. To help protect your account, we’ll walk you through several steps, including changing your password and reviewing and updating your security info.