Can I trust email from the Microsoft account team?
If you get an email from Microsoft account team and the email address domain is @accountprotection.microsoft.com, it is safe to trust the message and open it.
Microsoft uses this domain to send email notifications about your Microsoft account. These notifications can include security codes for two-step verification and account update information, such as password changes.
You can check the validity of the email by inspecting the following areas:
-
Check the email address contains the domain @accountprotection.microsoft.com. You can also view the email's message headers to be sure the email is from Microsoft.
-
Check the account the email is hinting to belongs to you, and that you have requested the code.
Note: If you received a Microsoft verification code that you did not request, it could be because: someone is trying to access your account or someone accidentally entered the wrong phone/email when trying to sign in. Learn more about unrequested verification codes.