Someone has been trying to hack into my MSFT account for years. I constantly get the notifications. I can not see where they are trying from (unlike some other services that give you info about failed login attempts) nor add more security measures. I worry one day I will accidentally hit "Approve" or they will guess the 6 digit code they have tried thousands of times.
The fun part is that you can't disable OneDrive. No matter how many times I turn it off it always keeps turning OneDrive back on to put my private data in the cloud for the attackers. Of course I can't block the methods that are obviously under attack either.
And the lack of a login history view means I have no way to know if they were successful yet. Support has never been good (for legitimate users) and is basically non-existent with AI now.
I think the best defense against this is to delete the Microsoft account and enjoy a better life. (Unless, of course, you need it for Minecraft.)
You can view the recent activity on your Microsoft account @ account(dot)live(dot)com/Activity
Would show any logins or security info updates etc
Those login attempts which trigger 2fa app does not generate a log entry if unsuccessful. Only attempts with username/password does. For some strange reason.
So there is no way to flag them as malicious and if you accidentally accept, then it’s already too late.
Pretty annoying setup.