I received an email Alert this morning from Microsoft Outlook Security that they found unusual activity on my account. The Outlook account user also received a security notification about unusual activity. Georg also sent me the link to this Microsoft Answers forum post where the behavior (occurred on July 13, 2022) was reported as of July 14, 2022. Another affected user confirms the observations – with nothing in the way of a response in the Q&A session. The activities originate from Microsoft Azure server IPs. Under the title Unusual sign-in activity email from MS, the user reports two notifications from his email account.
For example, he came across this article by a victim at Microsoft Q&A: Georg did some research on his own and came across some other sources on the Internet apart from the case in France I linked to above. In the meantime my sister writes me that she also got the security message again and the account is locked. After logging into the web interface this time there are no suspicious logins logged. Now today I received another security warning from MS. Then his account was blocked a second time and to this he wrote: Here, another IP is used, but it also belongs to the IP address range mentioned above, which is assigned to Microsoft. After a web login, I also had a suspicious login in the web interface. My account was also blocked from sending mail. He wrote:Īt the same time, I noticed that I had also received an identical security warning for my account. He had also found out that "the IP address probably belongs to Redmond," as he put it. Georg mentioned in his email that he was rushing into the same problem shortly after his sister called for help. The problem would take care of itself … The blog reader is suddenly affected himself The best hint was that a third party is trying to access the account – and that the two-factor authentication (2FA) employed by the user would probably help there.
The discussion is not so purposeful (at least to my taste), because it asks if the user could not exempt the IPs in question from monitoring. … Because it is wearing me down … Thanks for your opinions.Īlso there are various IP addresses mentioned which all belong to Microsoft.
I changed my process of how my iPhone and PC access the Microsoft email account. This morning I had this unusual notification again.
Hello, since 4 days my email notifies me about an unusual connection to the USA and I have to change the password (for the 4th time this morning) but nothing happens. But during my first search for the above IP address, I came across this French-language forum where a user complains about constant security messages: Well, the above case could have been dismissed as an isolated event. The IP address range 13.64.0.0 – 13.107.255.255 is registered for Microsoft itself. I entered the IP address 13.101.111.171, reported in the login attempts, in this database and other domain tools. According to Georg, after logging in to the web interface, he could see suspicious logins was made from the USA via IMAP protocol to the online account – rather unlikely for a German user. However, it was still possible to log in to the web interface. The account has been suspended, and no more POP3/IMAP connections are possible. He did send me a screenshot of his German notification, saying that probably another person has access to the Microsoft account. On Friday, my sister informed me that she had received a security warning by mail to the security mail address stored in your account.
He wrote:Īt Microsoft's free mail service "" the security mechanisms seem to go crazy (or someone is playing around in Microsoft's system?).
contacted me via e-mail (thanks for the tip) and reported that the security mechanisms at Microsoft's e-mail service seemed to be going a bit crazy.