In the event that you receive an MFA Authentication request that you did not generate, it is critical that you DENY the sign in and do not share any of the provided information.
While MFA is a fantastic security feature, it still can be exploited by malicious parties if not used properly. Ultimately, MFA relies on you correctly identifying authorized requests to keep you account safe.
If you receive an unrequested MFA request, it's likely due to one of two reasons.
1. Cookies may have expired, meaning that an app or web browser you were using needs to reauthenticate with MFA.
A Cookie in computer terms is a small piece of data that is used to identify you on the internet. Cookies let websites remember you, your website logins, shopping carts and more.
When you sign into anything, a cookie is created to temporarily store your authentication to that service. For services that use MFA, a cookie is also generated for your MFA authentication. This allows you to keep using the website or app without repeated sign ins or authentication.
However, cookies expire after a certain amount of time. When this happens, the service you are using needs to reauthenticate in order to keep working. Thus sending an unsolicited MFA request.
This has been known to happen with Outlook, Apple Mail, and Microsoft Teams. If any of these apps are responsible for generating your unrequested MFA prompt, they will not be working properly. Instead they will say they are "offline" or "disconnected". Closing and reopening these programs should provide you with another MFA prompt, which you can approve to get things working properly again.
2. Someone is Attempting to Log In to Your Account.
While the first option is more likely, an unexpected MFA request could mean that your password has been compromised and somebody is actively attempting to log into your account. If you believe that this may be happening to you, it is imperative that you change your password as soon as possible. You can do so using the Microsoft 365 portal, or by calling the ITS HelpDesk at 724-223-6022.
You can also see a log of all your account's successful and failed login attempts by visiting https://mysignins.microsoft.com/. If there are login attempts from locations you don't recognize, then somebody is trying to breach your account.
If you continue to receive unrequested prompts after changing your password, then they are likely being caused by an expired cookie as explained in reason 1.
If you have any questions regarding this information , or require further assistance, please reach out to the ITS HelpDesk.