Microsoft Account Security Alert

Dear Martin Capehart,

Welcome to Microsoft Community.

According to your description, you received an email from Microsoft claiming that someone had accessed your Microsoft account. Don't worry, you can try my suggestions below to keep your account safe, I hope my suggestions can help you.

1. According to the email content and sender information you provided, I want to make it clear that this is an official email from Microsoft. Microsoft will send you an email using account-security-noreply@accountprotection.microsoft.com for any changes to your account security information, abnormal login reminders, or verification codes. About relevant instruction you can refer to Can I trust email from the Microsoft account team? - Microsoft Support.

2. In the meantime, you can follow my tips to keep your account safe. Don't worry, I'm always on your side.

1). First, I recommend that you do a full scan of your common devices, check your current environment for threats such as viruses, and change your email account password after securing your current network environment.

2). After changing the password, you can manually sign out everywhere.

1. Sign in to your Microsoft account.

2. Select Security, then select Manage how I sign in.

3. Select sign out everywhere.

It is recommended that you generate a new recovery code and remember it. If you encounter any account problems, you can smoothly recover the account through the recovery code.

It is also recommended that you add a Microsoft Authenticator. It's a free app. It can serve as a verification method, and if there is any unusual activity, it can notify you more promptly.

3). To improve account security, consider enabling two-factor authentication for your account, you can refer to: How to use two-step verification with your Microsoft account - Microsoft Support

4). Add as much security information as possible to your account, at least 3 or more, the more the better, the purpose of doing this is to make it easier to recover your account in the future once your account has been hacked.

I hope this information has been helpful. If you have any questions, please let me know and I will be happy to help you further.

Have a good day.

Best Regards, 

Jim - MSFT | Microsoft Community Support Specialist

Thank you for the thoughtful and detailed reply. I was trying to confirm that the email was legit and you confirmed that it is.

Are you familiar with the "Passkey FIDO" MFA option that is available for Microsoft 365 Business accounts? Setting this up involves downloading the Microsoft Authenticator App and creating a passkey that uses facial recognition. When I set this up, for our account, I enforced attestation, enforced key restrictions and restricted specific keys to the Microsoft Authenticator App. Here is the URL that explains this process - https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-enable-passkey-fido2.  From everything I have read, Passkey, using the Microsoft Authenticator App, is the best option for protecting one's email.

With this MFA option, I'm not sure a compromised password gives someone the ability to access someone's email account. Once I enabled this MFA option, on my email account, I removed the other options (currently available for our domain - I am the person who sets the MFA options for our domain) and am unable to use any other MFA option to access my email account.

I do intend to sign out of all devices and reset MFA on my account before signing back in to each device again. To this point none of my settings have been changed in the Webmail portal and no email has been sent, using my account. Is it possible that the number of devices I have used to access my email account, in two zip codes (15 miles apart), could have triggered this email from Microsoft?

Thank you again for your response.

I had intended to include details about our use of MFA and realized I was already late leaving the office. I hope my reply didn't seem snarky since I never mentioned this in my original question. Thank you again for such a detailed and thoughtful reply. Most of the users, I support, wouldn't welcome that much detail but I appreciate you taking the time to offer an response with that much detail.

I also occurred to me that our office uses two internet service providers, for redundancy and load balancing. One is based locally and the other is based on the other side of the state. I viewed my use logs and noticed that I have activity with both static IP Addresses. Perhaps this is the reason that Microsoft felt someone was accessing my email account. If that is the case, everyone in our office will experience the same thing. Unless there is suspicious activity, involving a user account, I will not be as concerned when I receive these warnings in the future. I would welcome anyone's input if I am missing something important here.