![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 25%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
There is no manual override for Microsoft account security; only the official automated recovery paths can restore access.
Follow these steps in order:
- Use the Sign‑in Helper first
Go to the Microsoft account Sign‑in Helper tool: Sign-in Helper.
Enter the email address or phone number for the hacked account and follow the guided steps. The tool will either show self‑help options or offer a way to contact an agent, depending on the scenario. - If the account is hacked/compromised, use the hacked‑account flow
Use the hacked account troubleshooter: Start.
This will walk through:- Scanning devices for malware (to avoid the hacker regaining access).
- Changing or resetting the password if sign‑in is still possible.
- Reviewing account settings such as connected accounts, forwarding, and automatic replies.
- Fill out the Microsoft Account Recovery form (ACSR) correctly
Since the security info was changed and the phone number is no longer owned, the account recovery form is the only way to prove ownership. Before filling it out again:- Use a working email address that can receive messages (can be a friend/relative or a new Outlook.com address created via Create one on the Microsoft account sign in page). This address is only used to contact about the recovery request.
- Submit the form from a device and location where the account was often used.
- Old passwords used on that account (check browser‑saved passwords if needed).
- Services tied to the account (Xbox, Outlook.com/Hotmail, Skype, Microsoft Store, etc.).
- For Outlook/Hotmail: any contacts or subject lines (even a few exact ones).
- For Xbox: hardware ID of a console frequently used with that account.
- For Skype: Skype ID, contacts, and any recent purchases.
- Approximate account creation date.
- Regions/countries where sign‑ins usually occurred.
- Any Microsoft purchases made with that account.
- If the recovery form keeps failing
- The system will only restore access if the information provided is sufficient to prove ownership.
- If the form response says “not enough information,” adjust answers and resubmit with more detail; it can be submitted multiple times (up to a limit per day).
- If the automated recovery ultimately fails, support agents cannot bypass it or manually change security info for consumer accounts.
- If the account is locked (no Next button)
If sign‑in shows no Next option and a message about being locked, follow the aka.ms/ link shown on that page.
Fill out the reinstatement form there; a Microsoft Online Safety agent will review it and contact via email. Do not submit multiple requests in parallel, as that can slow down processing.
If the automated recovery and reinstatement processes do not accept the information, the account cannot be recovered, and a new Microsoft account must be created for future use.
References: