Locked Out of Your Microsoft Account? How to Recover and Sign Back In

When Microsoft locks your account, you lose access to Outlook email, OneDrive, Microsoft 365, Xbox, and even Windows sign-in if you use a Microsoft account to log in. Lockouts happen for three broad reasons, suspicious activity, too many failed attempts, or a Terms of Use flag, and the recovery path is different for each. Identifying which one you are facing first will save you days of frustration.

Key takeaways

• The fix depends on the type of lock: a security-code prompt unlocks in minutes; a Terms-of-Use flag needs a manual review.
• For a suspicious-activity lock, you can send the security code to any phone number during the unlock flow, it doesn't have to be the one on file.
• If two-step verification is on and you've lost your methods, the recovery form can't override it, you face a 30-day security-info replacement instead.
• Save your 25-character recovery code now; it bypasses two-step verification if you ever lose your authenticator.

Why accounts get locked

Microsoft locks accounts to protect them when it detects:

• Unusual sign-in activity (a login from a new country or device).
• Too many failed password or verification attempts.
• A suspected Terms of Use or Code of Conduct violation (spam, abuse).

Knowing which one you're facing changes the recovery path entirely, so read the on-screen message carefully before acting. Use this table to match the symptom to the right case below and roughly how long it takes:

What you see	Lock type	Recovery path	Typical time
"Verify your identity" code prompt	Suspicious activity	Security code at account.microsoft.com	Minutes
No Next button, an aka.ms/ link	Terms-of-Use flag	Reinstatement / compliance form	Days (manual review)
Blocked after repeated tries	Too many attempts	Stop, wait 24 hours	About 24 hours
"Wrong password" only	Not locked, forgotten password	Password reset page	Minutes
Lost all recovery methods	Any, plus no contacts	Recovery form (account.live.com/acsr)	24 hours+
Two-step on, methods lost	Any, with 2SV	Recovery code or 30-day replacement	Instant or 30 days

Case 1: You see a "verify your identity" prompt

If you can start signing in but Microsoft asks for a security code, the account is locked for suspicious activity, the most common and easiest case.

1. Go to account.microsoft.com and start signing in.
2. When prompted, request a security code.
3. Choose where to send it, your registered email or phone.

4. Enter the code to verify and unlock the account.

Case 2: There's no "Next" button

If the sign-in window shows no Next option, your account was locked for a suspected Terms of Use violation. This needs a manual review.

1. Look for a link in the window that begins with aka.ms/.
2. Follow it and complete the reinstatement form (the compliance review path is aka.ms/compliance).
3. A Microsoft Online Safety agent reviews your submission and replies by email.

This path is slower and depends on the reviewer, so be patient and check the email tied to the form.

Case 3: You're blocked after too many attempts

Repeated failed sign-ins or verification attempts trigger a temporary block.

• Stop trying. Each new attempt can reset the timer and extend the block.
• Wait at least 24 hours without any sign-in attempts before trying again.
• Then sign in normally, the temporary block usually clears on its own.

Case 4: You forgot the password (not truly locked)

If you simply can't remember the password, you're not locked, you need a reset.

1. Go to the password reset page and enter your account email or phone.
2. Verify with a code sent to your recovery contact.
3. Set a new password.

If verification fails because your recovery info is outdated, use the account recovery form described below. A strong replacement password matters here. If the lockout has you worried about account takeover more broadly, our guide to defending against Microsoft 365 token theft covers the phishing-resistant protections worth adding.

Last resort: the account recovery form

When you've lost access to all recovery methods, the recovery form (account.live.com/acsr) is how you prove ownership.

1. Open the Microsoft account recovery form.
2. Fill in as much detail as possible, old passwords you've used, names of folders or contacts, the date you created the account, and any subscriptions or devices linked to it.
3. Submit from a device and network you've used to sign in before, familiar location data improves your odds.
4. Microsoft emails the result to the alternate contact email you provide on the form.

The recovery form can take 24 hours or more, and accuracy matters more than speed. Vague answers get rejected. Gather your old passwords, billing details, and frequent contacts before you submit, and don't file duplicate forms, that can slow the review.

Prevent the next lockout

Once you're back in, harden the account so this doesn't recur.

• Add and verify at least two recovery methods (a backup email and a phone).
• Turn on two-step verification.
• Set up the Microsoft Authenticator app and save your 25-character recovery code somewhere safe offline.

If this lockout was triggered by a real intrusion rather than a false alarm, it's worth confirming your credentials aren't circulating; our coverage of the 24-billion-credential data leak explains how to check and respond.

Frequently asked questions

How long does a Microsoft account lock last?

A temporary block from too many failed attempts usually clears within 24 hours if you stop trying. A suspicious-activity lock clears as soon as you pass the security-code check. A Terms-of-Use review depends on a human agent and can take days.

Can I unlock my account without access to my registered phone or email?

For a suspicious-activity lock, yes, you can have the security code sent to any phone number during the unlock flow. For a full loss of all recovery methods, you must use the recovery form, and if two-step verification is on, the 30-day replacement process.

What is the 25-character recovery code and why does it matter?

It's a one-time code Microsoft generates when you set up account security. If you lose access to your authenticator and other methods, entering it bypasses two-step verification and gets you back in. Save it offline now, without it, a two-step-verification lockout can be unrecoverable.

Why does Windows itself lock me out when my Microsoft account is locked?

If you sign in to Windows with a Microsoft account, your local login validates against that account. When it's locked, Windows sign-in fails too. Unlocking the account online restores Windows access; setting up a local account or Windows Hello PIN as a fallback avoids being fully locked out of the PC.

Quick recap

For a suspicious-activity lock, a security code at account.microsoft.com unlocks you in minutes, and you can send the code to any phone. For a Terms-of-Use lock, use the aka.ms/ reinstatement link. If you've lost all recovery contacts, the recovery form is your path, so fill it out in detail, and remember that two-step verification can only be cleared with your saved recovery code or the 30-day replacement process.