![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 35%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAT%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Identity Manager
A tool for managing user identities, credentials, and access across on-premises and cloud environments
On the Microsoft account Recent activity page, the This was me / This wasn't me buttons are only shown for items that Microsoft has classified as Unusual activity and only after expanding that specific activity.
Key points based on how this works:
- Check that you are in the right section
- If the page shows only a Recent activity section, there is nothing to confirm and the buttons will not appear.
- The buttons appear only in the Unusual activity section and only after expanding an activity entry.
- How to review more details when unsure if it was you
On the Recent activity page, expand the activity entry to see:- Date and time of the activity
- Location and a map (note that mobile networks can route through different locations)
- IP address of the device
- Device/OS type
- Browser or app used
- When the buttons are available
In the Unusual activity section, after expanding an item:- Choose This wasn't me if the activity is not yours or you are not sure. This starts Microsoft’s process to help protect the account, including asking to change the password and update security info.
- Choose This was me if the activity is recognized as legitimate, which helps avoid unnecessary blocking.
- If there is no Unusual activity section or no buttons
- That specific sign-in may not be flagged as unusual, so the confirmation buttons will not be shown.
- You can still proactively secure the account:
- Go to the Security settings page from the Recent activity article and change the password and update security settings.
- Optionally remove trusted devices and review security info on the Security basics page.
- How Microsoft alerts and who to contact
- For unusual sign-ins, Microsoft sends alerts to alternate contact methods and may require a security code to verify it was really you.
- If unsure whether an email alert is legitimate, verify the sender: legitimate alerts come from the Microsoft account team at
******@accountprotection.microsoft.com. - If an email looks suspicious, do not click links; instead, directly sign in to the account and check the Recent activity page.
- If the suspicious message itself looks like phishing (for example, in Outlook or Outlook.com), select the message and use Report > Report phishing to report it.
- If you believe the account may be compromised
- Immediately change the account password and review security info.
- Check Recent activity for any unfamiliar sign-ins and, where available, mark them as This wasn't me.
- If you travel often or sign in from new devices, consider using Microsoft Authenticator to reduce false “unusual activity” alerts.
If the activity is clearly suspicious but still does not show the This wasn't me option, treat it as a potential compromise and follow the secure-your-account steps above while using the Recent activity and Security basics pages to manage and monitor the account.
References: