Forum Discussion
What does 'log on' mean in the Cloud App Security portal?
Log on should be successful ones, failed ones are marked differently. For example:
Failed log on (Failure message: Strong Authentication (second factor) is required)
Keep in mind that you might see some internal/datacenter IPs in the list.
Log on should be successful ones, failed ones are marked differently. For example:
Failed log on (Failure message: Strong Authentication (second factor) is required)
Keep in mind that you might see some internal/datacenter IPs in the list.
VasilMichev This is an old comment but this post is the only one I've seen in my research in reference to this log. This log is actually a successful login but the entity in question did not enter the MFA code, so it gets logged as "Failed log on (Failure message: Strong Authentication (second factor) is required".
I tested this with my own sign in by signing in successfully, I received the MFA code but never entered it and was able to reproduce the same exact log.
This log combined with irregular behavior (different IP, country etc) would raise in alarm for me. Just an FYI.
Thanks Vasil, appreciate the quick reply. After I received your response I noticed I could search by failed or successful logins as well. Some of our successful logons are in countries where we know our employees simply cannot have been or used a VPN to. But more curiously, this includes employees who don't even have an O365 licence so something odd is happening here.
Time to open a support case I guess, they should be able to provide you more details.
