Forum Discussion
Exchange Online suspicious logins
Hi
Not sure if this is the right place to ask, but I have noticed a constant stream of login attempts to my Exchange Online account. We have country and IP address conditional access policies, and MFA in place for everyone, and I am used to seeing the constant China, Russia, etc. hacking attempts.
But this one is unusual in that the login attempts appear to be coming from our IP address. The sign-in logs show "Office 365 Exchange Online" "Failure" "IP" "Region" Conditional Access > "Not Applied" and "Single-factor authentication".
Whatever application is trying to access Exchange Online is obviously failing, but my concern is that this is happening 10 times an hour in a space of 2 minutes; it stops and then starts again. And even stranger, there is no device information attached to the sign-in record, and the Device info page says Compliant: No and Managed: No. All devices on the network are compliant and Azure Joined.
I have no idea where to start trying to track what is going on.
1 Reply
- MoppyBrass Contributor
Check suspicious login alerts in the Exchange Online Security Center, enable conditional access policies to enforce MFA verification, and track abnormal IPs through audit logs.
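One way to act on the audit-log suggestion, as an added example that is not part of the original thread: group the failed, device-less sign-ins from one IP into bursts and count which client protocol each burst used. It assumes the sign-in log has been exported as JSON shaped like Microsoft Graph `signIn` objects; the sample records, the IP `203.0.113.10` and the function names are constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample records using Microsoft Graph signIn field names.
# 203.0.113.10 stands in for the office egress IP; every value is made up.
def _rec(ts, ip, client, code, ca="notApplied", dev=""):
    return {"createdDateTime": ts, "ipAddress": ip, "clientAppUsed": client,
            "resourceDisplayName": "Office 365 Exchange Online",
            "conditionalAccessStatus": ca,
            "status": {"errorCode": code}, "deviceDetail": {"deviceId": dev}}

SAMPLE = (
    [_rec(f"2024-05-01T09:00:{s:02d}Z", "203.0.113.10", "IMAP4", 50126) for s in range(0, 50, 5)]
    + [_rec(f"2024-05-01T10:01:{s:02d}Z", "203.0.113.10", "IMAP4", 50126) for s in range(0, 50, 5)]
    + [_rec("2024-05-01T09:30:00Z", "203.0.113.10", "Browser", 0, "success", "dev-1"),
       _rec("2024-05-01T09:31:00Z", "198.51.100.7", "Browser", 50126)]
)

def _ts(r):
    return datetime.fromisoformat(r["createdDateTime"].replace("Z", "+00:00"))

def failed_from_ip(records, ip):
    """Failed sign-ins from `ip` that carry no device ID, oldest first."""
    hits = [r for r in records
            if r["ipAddress"] == ip
            and r["status"]["errorCode"] != 0
            and not (r.get("deviceDetail") or {}).get("deviceId")]
    return sorted(hits, key=_ts)

def bursts(records, gap=timedelta(minutes=5)):
    """Split time-ordered records into bursts separated by more than `gap`."""
    out = []
    for r in records:
        if out and _ts(r) - _ts(out[-1][-1]) <= gap:
            out[-1].append(r)
        else:
            out.append([r])
    return out

def summarize(records, ip):
    """Per burst: start time, attempt count, and client protocols seen."""
    return [{"start": b[0]["createdDateTime"], "count": len(b),
             "clients": dict(Counter(r["clientAppUsed"] for r in b))}
            for b in bursts(failed_from_ip(records, ip))]

if __name__ == "__main__":
    for row in summarize(SAMPLE, "203.0.113.10"):
        print(row)
```

The per-burst start times and client protocol give something concrete to match against scheduled jobs or devices behind the office IP.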