I was told there was a setting that would enable IP checking for mailbox access. If access came from an odd IP, say China, the access would be blocked and an alert would be sent out. I'm been looking through the interface and can't find the setting. Do this option exist?
I am in an E3 tenant with no add-ons and I get these reports -
Risky sign-ins - A risky sign-in is an indicator for a sign-in attempt that might have been performed by someone who is not the legitimate owner of a user account. Known IP address ranges can be added to define which locations are trusted.
Well, Reports are delayed, if you want to properly address this you should check the Alerts functionality offered as part of the SCC, and quite possible the advanced alerts/actions offered with ASM/CAS licenses. Some third party vendors also offer alerting based on the audit events in the Azure AD audit log.