Forum Discussion
Why are Microsoft Data Centres logging in to my Office 365 accounts? Activity Alerts - BAV2ROPC
Hello, I have an activity alert set up to email me whenever a log in is detected from one of my 12 office 365 email users. These emails contain the username logging in and the IP address the log in o...
Hi there.
To be honest I still don't know for certain.
It appears it's ok, and MS told me it was ok, but I still don't know why it's happening.
If MS could chime in that'd be great.
The bad actors are hitting you probably via Exchange On Line (EXO) basic authentication facilities or its coming from a VM in aa Azure tenant. Its remarkable easy to get a cloud resource on AWS, Azure, etc.. to launch your attacks.
First - Please report it - https://msrc.microsoft.com/report/abuse
You can use the O365 Admin Center to disabled basic auth.
https://admin.microsoft.com
Goto Settings/Org settings/Modern Authentication and uncheck all the basic auth stuff. This will break old versions of Outlook and other older mail apps on phones and such.
Also, get at least P1 licensing and use conditional access policies to MFA everyone. And don't use SMS for MFA. Use the Microsoft Authenticator app which is much more secure.
Any user that is being attacked should be aware in case a bad actor does get a good password the end user does not need to be approving MFA for something they did not attempt.
Train you users. Test you users. You users are part of your solution.
First - Please report it - https://msrc.microsoft.com/report/abuse
You can use the O365 Admin Center to disabled basic auth.
https://admin.microsoft.com
Goto Settings/Org settings/Modern Authentication and uncheck all the basic auth stuff. This will break old versions of Outlook and other older mail apps on phones and such.
Also, get at least P1 licensing and use conditional access policies to MFA everyone. And don't use SMS for MFA. Use the Microsoft Authenticator app which is much more secure.
Any user that is being attacked should be aware in case a bad actor does get a good password the end user does not need to be approving MFA for something they did not attempt.
Train you users. Test you users. You users are part of your solution.