Share via

Receiving Azure Monitor alert emails, but I don’t have an Azure account — how do I stop them?

Ray Specht 0 Reputation points
2026-03-12T19:28:24.81+00:00

Hi, I’m hoping someone can help me understand what’s going on. I’ve recently started receiving email alerts from Azure Monitor, but I do not have an Azure subscription, have never set up any Azure services, and have no access to the Azure portal.

The emails look legitimate and come from Microsoft, but I have no idea why my address is associated with any Azure resources. I can’t sign in to check because I don’t have an Azure account tied to this email, and I’m concerned that either:

someone mistakenly entered my email on their Azure resources, or

my email address was added to an alert rule without my knowledge.

What is the correct way to get these alerts stopped or investigated? Is there a way for Microsoft to check whether my email is attached to someone else’s Azure subscription?

Thanks in advance for any guidance.

Azure Monitor
Azure Monitor

An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.

0 comments
Answer accepted by question author
  1. Suchitra Suregaunkar 9,270 Reputation points Microsoft External Staff Moderator
    2026-03-12T19:55:46.3233333+00:00

    Hello Ray Specht Good Day!

    Thank you for posting your query on Microsoft Q&A platform.

    What you’re describing closely aligns with a known scam pattern involving Azure alert emails.

    In these cases, attackers first gain access to an Azure subscription and then deliberately configure alert rules to send notifications to external email addresses (such as yours). They subsequently trigger those alerts. While the emails are technically generated by Azure, the alert message content itself is authored by the attackers.

    These emails typically include alarming language such as:

    • references to a “Fraud Prevention System” or “Windows Defender,”
    • warnings about large, suspicious charges,
    • threats of account suspension, and
    • a so‑called “Fraud Resolution” or “Support Hotline” phone number.

    The objective is to pressure recipients into calling that number, where the scam continues.

    Important guidance:

    • Do not call any phone number mentioned in the email.
    • Do not click any links included in the message.
    • Simply delete the email.

    It’s worth noting that these messages can appear convincing because they are sent from legitimate Microsoft email infrastructure. However, Microsoft does not include phone numbers or urgent call‑to‑action language like this in genuine Azure alert notifications.

    Reference: https://malwaretips.com/blogs/microsoft-azure-alert-was-triggered-scam-exposed-investigation/

    If the provided information helped, kindly consider marking the answer as "Accepted" and "Upvote" it. This helps other community members who may encounter a similar issue in the future.

    If you have any queries, please feel free to reach out us.

    Thanks,

    Suchitra.

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2026-03-12T19:28:40.9366667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    Azure Monitor alert emails are legitimate Microsoft notifications that are sent from specific system addresses such as azure-noreply@microsoft.com, azureemail-noreply@microsoft.com, or ******@mail.windowsazure.com. These addresses are used for alert action groups and other Azure notifications.

    If these alerts are being received but there is no Azure subscription or portal access associated with the address, the most likely explanations are:

    1. The email address was added as a recipient in an Azure Monitor action group or notification setting by someone else (for example, another organization or administrator) by mistake.
    2. The email address is configured as a notification recipient in a service such as Microsoft Entra Domain Services or Application Insights Smart Detection for a tenant or subscription that belongs to someone else.

    Because only the owner or administrator of that Azure subscription/tenant can see and change alert rules and notification recipients, the only supported ways to stop these emails are:

    1. Use the unsubscribe or opt-out mechanism in the alert email itself, if present. Azure Monitor and related services allow recipients to unsubscribe from action group emails; this removes the address from that action group’s notifications without requiring portal access.
    2. If there is no unsubscribe option in the message, treat it as an unwanted but legitimate notification and handle it at the mail system level:
      • Add a rule in the email client or server to move messages from the Azure alert sender addresses (for example, azure-noreply@microsoft.com) to a separate folder or delete them.
      • Mark the messages as junk/spam so that the mail system filters them automatically in the future.
    3. If there is concern that the address is being used in connection with a Microsoft account or security-related activity (for example, “Microsoft account security alert” messages), review account security and recent activity as described in the Microsoft account guidance at the Security basics page and Recent activity page, and secure the account if any activity is not recognized.

    Microsoft cannot expose or disclose another customer’s Azure subscription or configuration, so there is no supported way to see whose subscription the address is attached to. Removal from those alerts must be done either by unsubscribing from the email itself (if offered) or by the administrator who configured the alert.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.