Flag logins by irregular/distant IP?

Occasional Contributor



I was told there was a setting that would enable IP checking for mailbox access. If access came from an odd IP, say China, the access would be blocked and an alert would be sent out. I'm been looking through the interface and can't find the setting. Do this option exist?

3 Replies
best response confirmed by Mark Andrich (Occasional Contributor)

There are some useful Azure Active Directory security reports available for Office 365 customers, as well as more detailed information for those customers with Azure AD Premium. 


I am in an E3 tenant with no add-ons and I get these reports - 


Risky sign-ins - A risky sign-in is an indicator for a sign-in attempt that might have been performed by someone who is not the legitimate owner of a user account.  Known IP address ranges can be added to define which locations are trusted. 


Users flagged for risk - A risky user is an indicator for a user account that might have been compromised. 


These reports should flag suspicious logins like what you have described. For Azure AD Premium customers, there are more options like a user risk remediation policy which can block access for example.

Well, Reports are delayed, if you want to properly address this you should check the Alerts functionality offered as part of the SCC, and quite possible the advanced alerts/actions offered with ASM/CAS licenses. Some third party vendors also offer alerting based on the audit events in the Azure AD audit log.