Forum Discussion

AndrewWarland's avatar
AndrewWarland
Iron Contributor
May 22, 2018
Solved

What does 'log on' mean in the Cloud App Security portal?

We are seeing both licenced and non-licenced Office 365 users 'logging on' from other countries in the Cloud App Security portal. We know those users are not in those countries.   Does 'Log on' mea...
microsoft 365
security
  • VasilMichev's avatar
    VasilMichev
    May 22, 2018

    Log on should be successful ones, failed ones are marked differently. For example:

     

    Failed log on (Failure message: Strong Authentication (second factor) is required)

     

    Keep in mind that you might see some internal/datacenter IPs in the list.

VasilMichev's avatar
VasilMichev
MVP
May 22, 2018

Log on should be successful ones, failed ones are marked differently. For example:

 

Failed log on (Failure message: Strong Authentication (second factor) is required)

 

Keep in mind that you might see some internal/datacenter IPs in the list.

AndrewWarland's avatar
AndrewWarland
Iron Contributor
May 22, 2018

Thanks Vasil, appreciate the quick reply. After I received your response I noticed I could search by failed or successful logins as well. Some of our successful logons are in countries where we know our employees simply cannot have been or used a VPN to. But more curiously, this includes employees who don't even have an O365 licence so something odd is happening here.

  • VasilMichev's avatar
    VasilMichev
    MVP
    May 23, 2018

    Time to open a support case I guess, they should be able to provide you more details.

Resources