Forum Discussion
JakobRohde (Iron Contributor)
Jan 07, 2020
Service account with weird travel habits
We have a service account used by an application. Our data center is in West Europe, and I would expect all logins by the service account to occur from there, so I am puzzled why I receive email alerts about "User at risk" showing that the service account logs in from different places around the world: Hong Kong, Istanbul, Sao Paulo etc. Before I panic, I want to hear if the behavior can be explained as being innocent and normal?
- oliwer_sundgren (Steel Contributor)
Hello! JakobRohde
That really depends on what resources the service account is used for.
Is it used for any other SaaS apps other than Microsoft, that could have their resources in these locations?
The IP addresses that are logged from these locations, are they familiar to you?
This isn't usual behavior from my experience, if you don't, like I said earlier, have workloads that could be located in these areas.
I suggest doing some more investigation on the IP addresses used, and also change the password (if it's not too much of a hassle for you).
Kind Regards
Oliwer
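The IP investigation suggested in the reply above, as an added example that is not part of the thread: it groups a service account's sign-ins from outside the expected network by source IP and separates successful sign-ins from failed attempts. The records are constructed and use field names from the Microsoft Graph signIn resource; the account name, the address ranges and the verdict labels are assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: the data center's egress range (RFC 5737 documentation range, constructed).
EXPECTED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

def rec(time, ip, country, error_code):
    """Build one constructed record shaped like a Microsoft Graph signIn entry."""
    return {"createdDateTime": time, "userPrincipalName": "svc-app@example.com",
            "ipAddress": ip, "location": {"countryOrRegion": country},
            "status": {"errorCode": error_code}}

# Constructed sample data; errorCode 0 is a successful sign-in, 50126 a bad password.
SAMPLE_SIGNINS = [
    rec("2020-01-06T08:00:12Z", "203.0.113.10", "NL", 0),
    rec("2020-01-06T09:14:40Z", "198.51.100.7", "HK", 50126),
    rec("2020-01-06T09:15:02Z", "198.51.100.7", "HK", 50126),
    rec("2020-01-06T11:30:55Z", "192.0.2.44", "TR", 0),
    rec("2020-01-06T13:02:19Z", "192.0.2.200", "BR", 50126),
]

def is_expected(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in EXPECTED_NETWORKS)

def triage(signins, account):
    """Summarise the account's sign-ins from outside the expected networks, per source IP."""
    findings = defaultdict(lambda: {"country": None, "success": 0, "failure": 0})
    for s in signins:
        if s["userPrincipalName"].lower() != account.lower():
            continue
        if is_expected(s["ipAddress"]):
            continue
        f = findings[s["ipAddress"]]
        f["country"] = s["location"]["countryOrRegion"]
        f["success" if s["status"]["errorCode"] == 0 else "failure"] += 1
    return dict(findings)

def verdict(findings):
    """A successful sign-in from an unexpected IP means the credential is in use elsewhere."""
    if any(f["success"] for f in findings.values()):
        return "successful-foreign-signin"
    return "failed-attempts-only" if findings else "clean"

if __name__ == "__main__":
    result = triage(SAMPLE_SIGNINS, "svc-app@example.com")
    for ip, f in sorted(result.items()):
        print(ip, f)
    print(verdict(result))
```

Failed attempts alone still raise risk alerts but point to password guessing against the account, while a successful sign-in from an unfamiliar address is the case that calls for the password change.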