Follow these steps to handle the unusual activity and the fact that sign-in is blocked by security requirements that were not set up:
- Check recent activity and confirm it was not you
  - Go to the Recent activity page for that Microsoft account: https://account.live.com/Activity.
  - Review sign-ins and security events for the last 30 days. If you see activity that was not yours, mark it as such and follow any prompts to help secure the account.
  - If you cannot sign in at all because of the security key prompt, proceed to the recovery steps below.
- Use the official “compromised account” recovery flow
  - If sign-in is blocked by a security key or other method you did not configure, treat the account as compromised.
  - On the sign-in page, choose Forgot my password, then select I think someone else is using my Microsoft account, and follow the instructions. This is the supported path when someone else may have added or changed security settings.
  - If you still cannot sign in, use the account recovery guidance in When you can't sign in to your Microsoft account and complete the recovery form as accurately as possible.
- If you regain access, immediately secure or close the account
  - Change the password from the Security basics page.
  - Review and remove any unknown security info (alternate email, phone, sign-in aliases) and trusted devices.
  - Check the Recent activity page again to confirm no further suspicious sign-ins.
  - If the account is no longer needed, follow the normal process to close the Microsoft account once it is fully under your control.
- If the account is very old and cannot be recovered
  - For accounts that have not been accessed for more than 2 years, Microsoft may have permanently deleted them, and they cannot be restored or reused. In that case, there is nothing further that can be done with that specific address.
- Protect the current email and devices
  - Since security notifications are going to the current personal email, ensure that account is secured with a strong password and updated security info.
  - Run antivirus scans and keep operating systems updated as described in the Outlook.com protection guidance.
If recovery attempts continue to fail, use the official Microsoft Support contact channel (for example, via the “Contact Support” option referenced in the Recent activity documentation) to report that the account appears compromised and that the automated recovery flow is blocked by an unexpected security key requirement.
References:
- What happens if there's an unusual sign-in to your account
- Check the recent sign-in activity for your Microsoft account
- Help protect your Outlook.com email account
- How to sign in to Hotmail
- Attempting to access old email - Microsoft Q&A
- my microsoft account has been compromised - Microsoft Q&A
- My personal hotmail account hacked by hacker with authentication app enabled. - Microsoft Q&A
- My account got hacked. - Microsoft Q&A
- How do I send an email to Microsoft about my account being hacked and taken over by <removed> ? - Microsoft Q&A