I received an email We detected something unusual about a recent sign-in to the Microsoft account Moderator note: personal info removed

Dear @Margaret Owen,

 Good day. Thank you for posting your question in the Microsoft Q&A forum. I completely understand your concern. Receiving a security alert about "unusual activity" on your account can be very unsettling, especially when you are unsure if the notification itself is a legitimate warning or a phishing attempt. Your caution is exactly the right approach to keeping your digital identity safe. 

Is the Email Authentic? 

Yes, accountprotection.microsoft.com is a legitimate domain used by Microsoft to send security notifications. Specifically, alerts regarding unusual sign-ins, security codes, and account changes typically come from accountprotection.microsoft.com. 

Can I trust email from the Microsoft account team? - Microsoft Support 

However, because attackers sometimes try to mimic these addresses, the safest way to handle this is to ignore the links in the email and check your account status directly through official channels. 

 
To ensure your account is secure without risking a phishing link, please follow these steps: 

Step 1: Check Recent Activity Manually: 

• Open a new browser window and go directly to: What is the Recent activity page? - Microsoft Support 
• Sign in with your credentials. 
• Look for any entries marked as "Unusual activity" or sign-ins from locations/devices you don't recognize. 

Step 2: Confirm the Activity: 

• If you see the activity listed and it, was you (e.g., you used a VPN or traveled), you can select "This was me." 
• If you do not recognize the activity, select "This wasn't me." Microsoft will then guide you through securing your account and changing your password. 

Step 3: Strengthen Your Security: 

• If you haven't already, enable Two-Step Verification (MFA). This ensures that even if someone has your password, they cannot access your account without a second code sent to your phone or an app. 

For your peace of mind, you can verify this information in these official articles: 

What happens if there's an unusual sign-in to your account 

Please let me know if you have any further questions or if the problem persists after trying these solutions. Thank you for your patience and cooperation. 

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".   

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

To determine if the email you received is authentic, you should check the sender's email address. Microsoft typically uses the following domains to send emails:

1. microsoft.com
2. microsoftsupport.com
3. mail.support.microsoft.com

Since the email you received is from ******@accountprotection.microsoft.com, it appears to be from a legitimate Microsoft domain. However, it's important to exercise caution. You should hover over links in the email to verify their validity and ensure they point to Microsoft’s official sites. Additionally, check for any signs of phishing, such as poor grammar or requests for personal information.

If you suspect the email might be a phishing attempt, do not click on any links or provide any personal information. You can report the email to Microsoft for further investigation.

References:

• How do I know if an email from Microsoft support is genuine?