- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe to Topic
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Permalink
- Email to a Friend
- Report Inappropriate Content
Strange logins listed under user in Azure AD logins
Hey all,
I've submitted a support request for this through the Azure portal, but its been way past the two hour window for a response. Also had no luck finding answers in my research, so I turned to here. Here's the issue, under one of our partner tenant users, I see logins like these below.
Office 365 Exchange Online | Success | 52.183.9.241 | Not Applied |
Quincy, Washington, US
If you do "who is" on the IP, its a Microsoft Azure IP. These logins happen at random times every night for the past two weeks. I'm baffled by this, and have no idea what it is. I'll most likely have the user reset their password just because of the uncertainity. I haven't been able to find any documentation on possible background services/tasks that would be doing this. What could this possibilly be?
- Labels:
-
CSP
-
Managed Services
- Mark as New
- Bookmark
- Subscribe
- Mute
- Permalink
- Email to a Friend
- Report Inappropriate Content
Maybe a user accessing the mailbox from a virtual machine running in Azure?
The AzurAD Sign-In logs might contain more info on the device that has tried accessing, so this might give another clue.
I would also advice to do a password reset, you could maybe also try to use conditional access to restrict access from unkown locations. Or enable Identity Protection to trigger password reset when a risk is detected or credentials are leaked on the internnet (btw - baseline policy "end user protection" would also enable those identity protection features).
Receive consultations via Technical Presales and Deployment Services team
