Stopping Microsoft Single use code emails – A Step-by-Step Guide

At times, if you have a Microsoft Account, you might be receiving an email notification containing a single-use code. It can also be an Authenticator request to log in, which you deny essentially, because you did not request it. This article would help you get rid of Microsoft’s single-use code, which was not requested by you.

Background

If you have been receiving a code lately, chances are that at the Account Activity page, you will see thousands of failed logins from different parts of the World. The reason why it happens is that your Email or Password has been leaked in a data breach. After the breach, you used the same credentials, and hackers are using the same credentials to log in. When the pattern matches, Microsoft sends a single-use code to verify it is you (Pretty solid system, ain’t it?).

You might panic or worry about these requests since you didn’t request them. Fortunately, you can fix the issue with a simple setting change.

Stopping single-use code from Microsoft

Hiding or disabling the sign-in capability for your email would get rid of the single-use code emails. Hiding it would mean that it is not possible to log in using the same, but you can use it for emailing. For that, do the steps below:

• Make a new Alias for login purposes at this link.
• Next, fix this alias as the primary alias at https://account.live.com/names/manage page.
• Now, the next step is to disable the sign-in capability for the the original email, which is possibly hacked in a data breach. Concurrently, You can manage that on this page. Uncheck the Email and click Save.
• Furthermore, as expected, you can still send and receive email from the old Alias – you have just disabled the capability of it to sign in. Remember to keep the new alias secret or use elsewhere. The dropdown on Outlook apps, like Android and Outlook New on Windows would show you all your addresses to send an email from.
• Now, when someone would try to use the breached address, they will hit an error. The error message would say that the Email does not exist.

Remember, you must not remove your Email on the manage usernames page. If you do so, this action is irreversible. Removing would mean the emails to that account would bounce back to the sender.

Modern authentication-aware devices like the Xbox One/Series and Windows 10 will automatically recognize this change, allowing you to connect as before.

To summarize, following the steps in this article should stop unsolicited single use code emails from Microsoft.

All credit to this Reddit post for the solution.