I recently worked through a security issue with my Microsoft account and am now sharing this story and information that might be useful to others. Also, by writing a blog post I have an easy record of the issue for when I need to recall the details later. I conclude that the security features worked as intended.
I lost an iPad a few weeks ago. It cannot be traced using the “Find my iPhone” app. I presumed that the battery was dead and that I would eventually find it in the mess of my car or somewhere at home. Then I started receiving security messages via email from Microsoft. The message was:
|Verify your account
|We detected something unusual about a recent sign-in for the Microsoft account *****@outlook.com. For example, you might be signing in from a new location, device, or app.
|To help keep you safe, we’ve blocked access to your inbox, contacts list, and calendar for that sign-in. Please review your recent activity and we’ll help you take corrective action. To regain access, you’ll need to confirm that the recent activity was yours.
I used the “Review recent activity” tool. It told me that the Microsoft account was attempting to sync but did not indicate which device caused the issue. The “Location” field did not have any useful information. But the IP address was provided so I used iplocation.net to track the location. It said the sync was being attempted from Great Britain. Could my iPad be in Great Britain? Or was the data an error? (I am inclined to doubt the reliability of the location information).
I considered adding two step verification but opted to simply change the account password instead. I use random machine generated long passwords using a combination of letters numbers and symbols.
There is no indication that my account was compromised. There does seem to be evidence that one of my devices is attempting to sync from an unusual location.
I will continue to monitor the account for other issues.