What is the Recent activity page?

The “Recent activity” page shows info about the activity in your Microsoft account, within the last 30 days. This includes any time that you signed in to your account, whether you used a web browser, your phone, an email app, a third-party app, or another method.

What does the info mean?

For each activity, the Recent activity page lists several things:

  • The description of the activity

  • The date and time the activity occurred

  • The location where the activity occurred

Note
Some Internet providers—especially for mobile phone services—might route your activity through a different location. This can make it look like you’ve signed in from somewhere you’re not. If you’re not sure, you can always click an activity you don’t recognize to let us know.

You can click any activity to expand it and see additional details, including:

  • The IP address of the PC or device on which the activity occurred

  • What type of device and operating system was used

  • What Internet browser or type of app, if any, was used

Note
Different email apps and webmail services use different protocols, or communication formats, to access your account. You might see one or more of the following protocols listed on the Recent activity page:

  • Exchange ActiveSync: Syncs email, calendar, and contacts between your devices and your Outlook.com account.

  • Post Office Protocol 3 (POP3): Allows an app or service to access email messages in your inbox.

  • Simple Mail Transfer Protocol (SMTP): Allows an app or service to send email.

  • Internet Message Access Protocol (IMAP): Allows an app or service to access all email (in all folders) and sync email across your devices.

The following table explains the different activity descriptions you might see listed.

Activity description

What it means

Successful sign-in

Someone signed in to your Microsoft account with the correct password. (This was probably you!)

Security challenge

We detected an unusual sign-in attempt with the correct password. (This might have been you, but we weren’t sure—for example, this might have happened on a new device we didn’t recognize.) To help protect your account, we required an extra security challenge.

Incorrect password entered

Someone tried to sign in to your Microsoft account with the wrong password. (This might have been you, if you forgot your password—or it might have been someone else trying to access your account. We didn’t allow this sign-in.)

Phone number added
Alternate email added
Authenticator app added
Recovery code added
Phone number deleted
Alternate email deleted
Authenticator app deleted

A piece of security info for your account was added or deleted. Learn more about security info

All security info marked for removal

All the security info for your account (such as alternate email addresses, phone numbers, and authenticator apps) was scheduled to be removed. Learn more about replacing security info

Account name changed

The name that identifies you in the Microsoft products and services you use has changed.

Password changed

Your Microsoft account password was changed. If you didn’t do this, learn how to reset your password.

Password reset

Your Microsoft account password was successfully reset.

Alias added
Alias deleted
Primary alias changed

An alias is an additional email address that uses the same inbox, contact list, and account settings as the primary alias (email address) for your Microsoft account. Learn more about aliases

Two-step verification turned on
Two-step verification turned off

Two-step verification uses two ways to verify your identity whenever you sign in to your Microsoft account. You can turn it on for added account security, or turn it off whenever you want. Learn more about two-step verification

App password created or deleted

App passwords are used for apps or devices that don’t support two-step verification. Learn more about app passwords

Profile info changed

Profile info such as your name, birth date, gender, country/region, or ZIP/postal code was changed. Update your profile info

Account created

A Microsoft account was created.

What should I do if I see unusual account activity?

You’ll probably recognize most of the account activities listed on your Recent activity page. Even if an activity sounds suspicious at first, you can expand it to see more details and decide whether you remember it. For example, if you accidentally made a typo in your password, you’ll see Incorrect password entered in the list. Or, if you signed in to your account from a mobile phone, you might find that your service provider routed the signal through a cell tower in another city.

But if an activity looks unfamiliar, or if you see an unusual pattern (like multiple sign-in attempts or changes that you’re sure you didn’t make), let us know. We’ll help you make your account more secure to minimize any threats.

If you click “This was me”:

When you tell us you were responsible for an activity, we’ll keep track of that info going forward. For example, if you sign in from a new location that happens to be the hotel you’re staying at on a business trip, we’ll add that location to the list of places we expect you might sign in from in the future.

If you click “This wasn’t me”:

When you tell us that you don’t recognize an activity, it’s possible that a hacker or a malicious user has gotten access to your account. To help protect your account, we’ll walk you through several steps, including changing your password and reviewing and updating your security info.