Comments (20)

  1. JB says:

    I was unaware of authenticator apps.  I just my various accounts and devices with them.  Thanks for the info!

  2. Craig says:

    Great information here.  Thanks!  Can this information be downloaded to a csv type file?  smartphones login each time it checks for mail so could be every 5 minutes.  Makes it really tough to look for anomalies.

  3. We are aware of the challenge of dealing with a lot of authentication information and we are looking into several approaches that would help with that problem for the next iterations of this page. I'll pass on your feedback to the feature team. Thank you!

  4. Vítor Pombeiro says:

    Hi, this is great information to check if there are someone using my account. I've to say that the translation to Portuguese the page as an error, on the page I've "amanhã" with in English is "tomorrow". Instead of "amanhã" it should be "ontem", I know you guys are great but I have my doubts that you know the future. 🙂

  5. Thank you for your report, Vitor!

  6. Craig says:

    Laurentiu, Thanks for the reply.  We are doing an investigation for a client right now.  Is there a way to formally make an ad hoc request this information to be put into a CSV?

  7. Craig says:

    Laurentiu, I need to add to my previous couple of message some comments.

    1. This account averages 366 sign-in's per day.

    2. Due to the security requiring me to re-enter my password every ?? minutes, I can't get the activity back 30 days.  Every time I re-enter the password I have to start over on where I was with showing more activity and I have little to know time to research any of older than 10 days.

    3. Having all the information in columns instead of having to expand each item would be extremely helpful.

    Any assistance would be greatly appreciated.  Craig.

  8. Unfortunately, today there is no online process for making the activity data available in a different form. In time, we will provide more tools to help with its analysis.

    But what exactly are you trying to accomplish. You are asking me about a specific solution, but you have not described the problem. There may be alternate solutions available.

  9. CraigBer34 says:

    Laurentiu, basically the account has been compromised and we are trying to identify who it is to support some legal claims.  We have a very good idea who it is but need to identify dates, times, IP,  Device/platform, and Browser/app.  This will help support our position when it is presented to the judge for further investigation.

  10. Sounds like you need to contact customer support for help with this issue. You can start that process here:

    windows.microsoft.com/…/id-support

  11. aprilbacon@hotmail.com says:

    Is there a way to access my activity record for October and November.  I was hacked into them abd I wanted to go back and check the location.  I checked the activity log back then and saw the hacking.  Now I want to show to police evidence of hacking after identity theft/fraud instance.

  12. The activity history page cannot display data older than a month because it is backed by a store that deletes entries older than one month (30 days to be precise). The feature is basically not built for auditing the activity of an account, but to help account owners check recent activity and to unblock recently blocked activity. I know it is too late to do that now, but you should have taken a screenshot of the information while you had access to it. We don't keep those records for more than 30 days. You may want to also contact customer support at the link I provided in the previous comment and see if they can give you any other guidance.

  13. gloptrattoria says:

    Hello Laurentiu, thanks for this great blog. Very useful.

    I hope you might help me with my question. I added a new email verification the other week and then I removed the phone number (I was changing provider the next day).

    Once I have deleted it does that mean Microsoft has also deleted it? The reason I ask is that in my Recent Account Activity page it still shows under "Account Security Info Deleted".

    Hope to hear from you…

  14. The way to check if a proof was deleted is to verify if it is still shown on the page from which you deleted it. If it doesn't, then it is no longer set as a proof and the deletion was successful. The Activity page will show the operation for the next month, after which time the activity record will expire and will be deleted – this record doesn't mean that the phone is still set as proof.

  15. gloptrattoria says:

    Hello Laurentiu.

    Thanks for your reply. So does a successful deletion mean that the old phone number is no longer attached to the account at all? I have heard that google, for example, actually still associate your old phone numbers and emails with an account, which is obviously a privacy issue.

    Thank you

  16. I already answered earlier – I am not sure what else to add to that except perhaps explain why it doesn't make sense to do otherwise.

    Phone numbers are associated with accounts for security reasons, so you can receive security codes by text/voice and use them to prove ownership of the account, or to receive notifications about suspicious account activity.

    Beyond being a privacy issue, it would be a security issue to still keep the number associated with the account when it may no longer be your number anymore. The association with the account is removed immediately. The record of the action will still be seen for 30 days in Activity (we show the addition and the deletion so you can monitor if someone else is doing these operations on your account), but the association is removed as soon as the deletion is done. We don't keep track of phone numbers formerly associated with accounts either.

    You also don't even have to provide us with a phone number if you set up an identity verification app and use that instead. See details here: windows.microsoft.com/…/identity-verification-apps-faq

    As for what google does, you would have to inquire with them, but I doubt they would keep associations around when you asked for their deletion.

  17. Shiv says:

    Hi, i have a question.
    Is it possible to view activities older than a month ? This information that i am looking for is really important. Someone tried to access my email by resetting my password and adding his phone number to my mail. This is a matter of hospital secrecy, there is a case filed against the person and i am sure that i saw his number added to my account. The problem is that is happened in November, so i am looking for a way to view those activities to present it as evidence in court.

    Please, if anyone has any information about how i can get to see those activities you can contact me on ddont4judge@gmail.com .

    Thank you..

    1. The activity history feature cannot display data older than 30 days. This feature is backed by storage that only tracks the last 30 days of activity. Any activity that is older than 30 days is automatically deleted from this storage.

      The activity history feature was not meant as an auditing log that can go back over several months. It was meant to help account owners monitor their accounts to detect recent unauthorized access. If anything suspicious is noticed and you would like to keep a record of it, you should take a screenshot of the page, because the activity record will be deleted after 30 days.

      For your scenario, you should contact our customer support and request access to your account’s logs. You can start here:
      https://privacy.microsoft.com/en-us/privacystatement/
      Select “How to Access & Control Your Personal Data”, then “Learn More”, and you will see a paragraph providing a web form contact link. Here’s the link:
      https://privacy.microsoft.com/en-US/privacy-questions?ln=EN-US
      Use this to describe your scenario and ask for support.

  18. Becky says:

    I just joined today and downloaded skype. I tried it out a few times, then got locked out of the app. When I signed in online it said my account was flagged for unusual activity. — When I opened “recent activity,” it showed that I joined yesterday, and all the times were wrong. I created the account this morning and used it this morning (and maybe early afternoon). Yet it shows that those try-it-out happened at 9 pm and such, last night. Why is that?

    1. The activity times get converted from UTC to the time zone information that you have set for your account. It appears that you have set a different time zone for your account than the one you’re currently in.

      Go to https://account.live.com/, select ‘Your Info’ and then ‘Edit your personal info’, and make sure that ‘Time zone’ is set to where you live. You should then see the correct time information for your activity. Also, at the top of the activity page, the Time column should indicate the time zone as well.

Skip to main content