I wonder if any of the Microsoft MVPs or others have any ideas about this. Twice now I have gotten notices from Microsoft (Microsoft account team [firstname.lastname@example.org] of unusual sign-in activity. Both times are from the same IP address which appears to belong to Microsoft. Sign-in details: Country/region: United States IP address: 126.96.36.199 This IP address apparently belongs to Microsoft. http://whois.domaintools.com/188.8.131.52 NetRange: 184.108.40.206 - 220.127.116.11 CIDR: 18.104.22.168/16 NetName: MICROSOFT NetHandle: NET-132-245-0-0-1 Parent: NET132 (NET-132-0-0-0-0) NetType: Direct Assignment OriginAS: Organization: Microsoft Corp (MSFT-Z) RegDate: 2011-06-22 Updated: 2013-08-20 Ref: http://whois.arin.net/rest/net/NET-132-245-0-0- At first I thought it might be phishing email, but it appears to be legit. I've contacted Microsoft support but so far all I got was now to change my password, add two-factor authentication, etc. What I'd really know is why is a person or script/bot, or whatever accessing my account.