Forum Discussion
Why are Microsoft Data Centres logging in to my Office 365 accounts? Activity Alerts - BAV2ROPC
so like everyone, I have noticed a huge increase in these connections; however some of mine are not from just Microsoft IP addresses, but also from normal public IP addresses. When looking at the AAD logs, it can be seen that the client application linked to this useragent is IMAP/POP.
However, I have seen a successful logon from a public IP using the BAV2ROPC useragent, where IMAP/POP was turned off.
So Im wondering whether the connection was actually successful (both AAD and UAL show it was) and if it was, what client application could use it that wasn't using IMAP and POP
bobster95 We started setting up Authentication Policies to disable Basic Auth (ahead of MS MC204828 mid 2021), but came across the following challenges in doing so, it may help others in their attempt to secure their Tenants (and hopefully stop BAV2ROPC occurring/logging):
Some admins were using PowerShell scripts and we had to exclude those individuals from the Policies. Also had to exclude users that were still using IMAP, POP3 and/or old phones configured with Exchange Activesync (in stead of the more secure O365 account) setup. And then there were the few using Office2013 (I know!) that could not upgrade as yet, and needed a Registry Hack or exclusion again.