What is the Recent activity page?

The “Recent activity” page shows info about the activity in your Microsoft account, within the last 30 days. This includes any time that you signed in to your account, whether you used a web browser, your phone, an email app, a third-party app, or another method.


What does the info mean?

  • The description of the activity
  • The date and time the activity occurred
  • The location where the activity occurred

Some Internet providers—especially for mobile phone services—might route your activity through a different location. This can make it look like you’ve signed in from somewhere you’re not. If you’re not sure, you can always click an activity you don’t recognize to let us know.

  • The IP address of the PC or device on which the activity occurred
  • What type of device and operating system was used
  • What Internet browser or type of app, if any, was used


  • Exchange ActiveSync: Syncs email, calendar, and contacts between your devices and your Outlook.com account.
  • Post Office Protocol 3 (POP3): Allows an app or service to access email messages in your inbox.
  • Simple Mail Transfer Protocol (SMTP): Allows an app or service to send email.
  • Internet Message Access Protocol (IMAP): Allows an app or service to access all email (in all folders) and sync email across your devices.


The following table explains the different activity descriptions you might see listed.

Activity descriptionWhat it means
Successful sign-inSomeone signed in to your Microsoft account with the correct password. (This was probably you!)
Security challengeWe detected an unusual sign-in attempt with the correct password. (This might have been you, but we weren’t sure—for example, this might have happened on a new device we didn’t recognize.) To help protect your account, we required an extra security challenge.
Incorrect password enteredSomeone tried to sign in to your Microsoft account with the wrong password. (This might have been you, if you forgot your password—or it might have been someone else trying to access your account. We didn’t allow this sign-in.)
Phone number added
Alternate email added
Identity verification app added
Recovery code added
Phone number deleted
Alternate email deleted
Identity verification app deleted
A piece of security info for your account was added or deleted. Learn more about security info.
All security info marked for removalAll the security info for your account (such as alternate email addresses, phone numbers, and authenticator apps) was scheduled to be removed. Learn more about replacing security info.
Account name changedThe name that identifies you in the Microsoft products and services you use has changed.
Password changedYour Microsoft account password was changed. If you didn’t do this, learn how to reset your password.
Password resetYour Microsoft account password was successfully reset.
Alias added
Alias deleted
Primary alias changed
An alias is an additional email address that uses the same inbox, contact list, and account settings as the primary alias (email address) for your Microsoft account. Learn more about aliases.
Two-step verification turned on
Two-step verification turned off
Two-step verification uses two ways to verify your identity whenever you sign in to your Microsoft account. You can turn it on for added account security, or turn it off whenever you want. Learn more about two-step verification.
App password created or deletedApp passwords are used for apps or devices that don’t support two-step verification. Learn more about app passwords.
Profile info changedProfile info such as your name, birth date, gender, country/region, or ZIP/postal code was changed. Update your profile info.
Account createdA Microsoft account was created.

What should I do if I see unusual account activity?

You’ll probably recognize most of the account activities listed on your Recent activity page. Even if an activity sounds suspicious at first, you can expand it to see more details and decide whether you remember it. For example, if you accidentally made a typo in your password, you’ll see Incorrect password entered in the list. Or, if you signed in to your account from a mobile phone, you might find that your service provider routed the signal through a cell tower in another city.

But if an activity looks unfamiliar, or if you see an unusual pattern (like multiple sign-in attempts or changes that you’re sure you didn’t make), let us know. We’ll help you make your account more secure to minimize any threats.

If you click “This was me”:

If we notice unusual activity on your account, we’ll give you the option to tell us you were responsible for an activity, and we’ll keep track of that info going forward. For example, if you sign in from a new location that happens to be the hotel you’re staying at on a business trip, we’ll add that location to the list of places we expect you might sign in from in the future.

If you click “This wasn’t me”:

When you tell us that you don’t recognize an activity, it’s possible that a hacker or a malicious user has gotten access to your account. To help protect your account, we’ll walk you through several steps, including changing your password and reviewing and updating your security info.