I am breaking silence after a long pause. I have not had much information to share here as I have mostly worked on infrastructure services with no customer facing surface. Since 2011, I have been working in Microsoft account, the authentication service that powers most of Microsoft’s services. Today we rolled out a new security feature that I think many will find very useful in keeping an eye on their accounts for detecting unauthorized access – the account activity history page.
The activity history page can be accessed by going to account.live.com, signing in, and then selecting the Recent activity option. It will display details about your most recent activity and you can check that activity up to a month back in time (see http://www.microsoft.com/en-us/account/security/recentactivity.aspx for a detailed explanation of the content). If you have a secondary type of proof on your account, it will be used for granting access to the page, as it contains potentially sensitive information about your whereabouts, so you should consider setting up such proof if you do not have one set already. If you see unauthorized successful activity, you can also report it and we will take you through some steps to strengthen the security of your account. Note that some activity may appear to come from a different location than you expect simply due to how mobile devices grab IP addresses – this is why you should check the additional details about the source of the authentication. Right now, older activity entries may have these marked as Unknown because such information only started being stored as the feature was rolled out – such instances are expected at this point and should not raise a red flag.
Let me take this opportunity to also recommend pairing your Microsoft account with an authenticator app. This can be done again by visiting account.live.com and navigating to the Security info page under Overview. To pair the authenticator app with your Microsoft account, just follow the instructions in the Authenticator app section of the page – it is a quite simple process. The Microsoft Authenticator app for Windows Phone is available here: http://www.windowsphone.com/en-us/store/app/authenticator/e7994dbc-2336-4950-91ba-ca22d653759b. If you have a different phone, you should be able to use a compatible authenticator app like the Google Authenticator. A tip for Microsoft Authenticator – if you want to copy-paste a code, just touch it and hold until an option appears to do so.
Finally, let me link to another post that touches on other features rolled out at the same time as the activity history page:
[UPDATE 2013/12/12]: I just realized I pasted the wrong link at the end of this post – just fixed.