Comments (16)

  1. JB says:

    I was unaware of authenticator apps.  I just my various accounts and devices with them.  Thanks for the info!

  2. Craig says:

    Great information here.  Thanks!  Can this information be downloaded to a csv type file?  smartphones login each time it checks for mail so could be every 5 minutes.  Makes it really tough to look for anomalies.

  3. We are aware of the challenge of dealing with a lot of authentication information and we are looking into several approaches that would help with that problem for the next iterations of this page. I'll pass on your feedback to the feature team. Thank you!

  4. Vítor Pombeiro says:

    Hi, this is great information to check if there are someone using my account. I've to say that the translation to Portuguese the page as an error, on the page I've "amanhã" with in English is "tomorrow". Instead of "amanhã" it should be "ontem", I know you guys are great but I have my doubts that you know the future. 🙂

  5. Thank you for your report, Vitor!

  6. Craig says:

    Laurentiu, Thanks for the reply.  We are doing an investigation for a client right now.  Is there a way to formally make an ad hoc request this information to be put into a CSV?

  7. Craig says:

    Laurentiu, I need to add to my previous couple of message some comments.

    1. This account averages 366 sign-in's per day.

    2. Due to the security requiring me to re-enter my password every ?? minutes, I can't get the activity back 30 days.  Every time I re-enter the password I have to start over on where I was with showing more activity and I have little to know time to research any of older than 10 days.

    3. Having all the information in columns instead of having to expand each item would be extremely helpful.

    Any assistance would be greatly appreciated.  Craig.

  8. Unfortunately, today there is no online process for making the activity data available in a different form. In time, we will provide more tools to help with its analysis.

    But what exactly are you trying to accomplish. You are asking me about a specific solution, but you have not described the problem. There may be alternate solutions available.

  9. CraigBer34 says:

    Laurentiu, basically the account has been compromised and we are trying to identify who it is to support some legal claims.  We have a very good idea who it is but need to identify dates, times, IP,  Device/platform, and Browser/app.  This will help support our position when it is presented to the judge for further investigation.

  10. Sounds like you need to contact customer support for help with this issue. You can start that process here:

    windows.microsoft.com/…/id-support

  11. aprilbacon@hotmail.com says:

    Is there a way to access my activity record for October and November.  I was hacked into them abd I wanted to go back and check the location.  I checked the activity log back then and saw the hacking.  Now I want to show to police evidence of hacking after identity theft/fraud instance.

  12. The activity history page cannot display data older than a month because it is backed by a store that deletes entries older than one month (30 days to be precise). The feature is basically not built for auditing the activity of an account, but to help account owners check recent activity and to unblock recently blocked activity. I know it is too late to do that now, but you should have taken a screenshot of the information while you had access to it. We don't keep those records for more than 30 days. You may want to also contact customer support at the link I provided in the previous comment and see if they can give you any other guidance.

  13. gloptrattoria says:

    Hello Laurentiu, thanks for this great blog. Very useful.

    I hope you might help me with my question. I added a new email verification the other week and then I removed the phone number (I was changing provider the next day).

    Once I have deleted it does that mean Microsoft has also deleted it? The reason I ask is that in my Recent Account Activity page it still shows under "Account Security Info Deleted".

    Hope to hear from you…

  14. The way to check if a proof was deleted is to verify if it is still shown on the page from which you deleted it. If it doesn't, then it is no longer set as a proof and the deletion was successful. The Activity page will show the operation for the next month, after which time the activity record will expire and will be deleted – this record doesn't mean that the phone is still set as proof.

  15. gloptrattoria says:

    Hello Laurentiu.

    Thanks for your reply. So does a successful deletion mean that the old phone number is no longer attached to the account at all? I have heard that google, for example, actually still associate your old phone numbers and emails with an account, which is obviously a privacy issue.

    Thank you

  16. I already answered earlier – I am not sure what else to add to that except perhaps explain why it doesn't make sense to do otherwise.

    Phone numbers are associated with accounts for security reasons, so you can receive security codes by text/voice and use them to prove ownership of the account, or to receive notifications about suspicious account activity.

    Beyond being a privacy issue, it would be a security issue to still keep the number associated with the account when it may no longer be your number anymore. The association with the account is removed immediately. The record of the action will still be seen for 30 days in Activity (we show the addition and the deletion so you can monitor if someone else is doing these operations on your account), but the association is removed as soon as the deletion is done. We don't keep track of phone numbers formerly associated with accounts either.

    You also don't even have to provide us with a phone number if you set up an identity verification app and use that instead. See details here: windows.microsoft.com/…/identity-verification-apps-faq

    As for what google does, you would have to inquire with them, but I doubt they would keep associations around when you asked for their deletion.