What is the Recent activity page?
The Recent activity page shows you when and where you've used your Microsoft account within the last 30 days. You can expand any listed activity to see location details and find out how the account was accessed—using a web browser, phone, or another method.
If you see only a Recent activity section on the page, you don't need to confirm any activity. However, if you see an Unusual activity section, it's important to:
-
Let us know whether the activity was you or not. When you expand an activity, you can choose This was me or This wasn't me. These options are only in the Unusual activity section, so if you see them, we need your response. With your help, we can rule out false threats and block unauthorized access more quickly.
-
Secure your account. If you're concerned that someone might have access to your account, we strongly recommend that you go to the Security settings page where you can change your password and update security settings. You can also remove all trusted devices. To learn more about account management and security, see the Security basics page.
If you travel often, your new locations may show as unusual activity. To travel without disruptions or alerts, we recommend using Microsoft Authenticator to sign in.
If you get an email about unusual activity and you're not sure if it's from Microsoft, you can safely sign in to your Microsoft account any time without clicking links in the email.
Note: You control your data. To see or delete certain types of recent activity, you can sign in to https://account.microsoft.com/privacy/activity-history.
To learn more about the Recent activity page, select one of the following headings. It’ll open to show more info.
We'll email you if there's unusual activity on your account and you can review the Unusual activity section. For each activity, you'll see the date and time, location, and type of activity. You can select any activity to see additional details, including:
-
The IP address of the device on which the activity occurred
-
A map that shows a more specific location
Note: Mobile phone services route activity through different locations, so it may look like you signed in from somewhere that's not your actual location.
-
The type of device or operating system used for the activity
-
The internet browser or type of app used for the activity, if any
To let us know whether an activity was safe, you can choose This was me or This wasn't me. These options are only available in the Unusual activity section, and they're only visible after you've expanded an activity.
-
Choose This wasn't me if the activity wasn't yours or you're just not sure if it was you. We'll help you to protect your account from unauthorized access. As part of this process, you'll be asked to change your password and to update your security info.
-
Choose This was me if you recognize the activity as yours. By choosing this option, you'll let us know we don't need to block your account. We may mark activity as unusual if you use your account on vacation, get a new device, or allow an app to sign in as you.
To reduce the number of notifications we send you about your activity, you can select the Keep me signed in box when you sign in. After turning this on, we'll only notify you when your activity appears to change.
Note: If you received an unusual activity notice while sending email in Outlook, see Unblock my Outlook.com account for more info.
If you see anything suspicious in the Recent activity section (such as multiple sign-in attempts or profile changes you didn't make), select Secure your account.
We don't show all account activity. You'll usually just see significant events that could impact your account security. If you use the same device in the same location several times in a row, you might only see the first time you signed in.
Here are the types of activities you'll see on the Recent activitypage.
|
Session type |
What it means |
|---|---|
|
Account created |
A Microsoft account was created. |
|
Account name changed |
The name that identifies you in Microsoft products and services has changed. |
|
Additional verification requested |
As an extra authentication step, you received a security code by text, email, or authenticator app. |
|
Alias added; Alias deleted; Primary alias changed |
An alias is an additional email address that uses the same inbox, contact list, and account settings as the primary alias (email address) for your Microsoft account. Learn more about aliases. |
|
All security info marked for removal |
All the security info for your account (like alternate email addresses, phone numbers, and authenticator apps) was scheduled to be removed. Learn more about replacing security info. |
|
Alternate email added; Alternate email deleted; Identity verification app added; Identity verification app deleted; Phone number added; Phone number deleted; Recovery code added |
You've added or removed a piece of security info to your account. Learn more about security info. |
|
App password created; App password deleted |
App passwords are used for apps or devices that don’t support two-step verification. Learn more about app passwords. |
|
Automatic sync |
Your account automatically signs in as you when you connect your Microsoft account to an app or service that manages emails. You'll see the same automatic sync activity at regular time intervals. You might also see these protocols if your email apps or webmail services use them:
|
|
Incorrect password entered |
Someone tried to sign into your Microsoft account using the wrong password. We didn't allow this sign-in. (This might have been you, if you forgot your password—or it might have been someone else trying to access your account.) |
|
Password changed |
Your Microsoft account password has changed. If you didn’t do this, you should reset your password. |
|
Password reset |
You successfully reset your Microsoft account password. |
|
Permission given to an application |
You allowed another application to access your Microsoft account. |
|
Profile info changed |
Profile info such as your name, birth date, gender, country/region, or ZIP/postal code changed. Update your profile info. |
|
Sign-in blocked (Account compromised) |
We think someone else accessed your Microsoft account. We need you to provide some additional verification to unblock it. |
|
Sign-in blocked (Account temporarily suspended) |
We blocked your account because we noticed some suspicious activity. We need you to provide some additional verification to unblock it. |
|
Successful sign-in |
Someone signed into your Microsoft account using the correct password. (This was probably you.) |
|
Two-step verification turned on; Two-step verification turned off |
Two-step verification requires you to use two different methods of identity verification whenever you sign in. You can turn this feature on at any time. Learn more about two-step verification. |
|
Unusual activity detected |
Someone signed into your account using the correct password, but from a location or device that we didn't recognize. To make sure it was you, we sent you a notification and required an extra security challenge. (This might have been you, but we weren't sure.) |
Related topics
-
Manage your Xbox account or check a suspension. If your Xbox was stolen, contact the police and they can work with us to track the device location.
Need more help?
Want more options?
Explore subscription benefits, browse training courses, learn how to secure your device, and more.
Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.
