SOLVED

Flag logins by irregular/distant IP?


Hello,

 

I was told there was a setting that would enable IP checking for mailbox access. If access came from an odd IP, say China, the access would be blocked and an alert would be sent out. I've been looking through the interface and can't find the setting. Does this option exist?

3 Replies
best response confirmed by Mark Andrich (Copper Contributor)
Solution

There are some useful Azure Active Directory security reports available for Office 365 customers, as well as more detailed information for those customers with Azure AD Premium. 

 

I am in an E3 tenant with no add-ons and I get these reports - 

 

Risky sign-ins - A risky sign-in is an indicator for a sign-in attempt that might have been performed by someone who is not the legitimate owner of a user account.  Known IP address ranges can be added to define which locations are trusted. 

 

Users flagged for risk - A risky user is an indicator for a user account that might have been compromised. 

 

These reports should flag suspicious logins like what you have described. For Azure AD Premium customers, there are more options like a user risk remediation policy which can block access for example.

Well, reports are delayed. If you want to properly address this, you should check the Alerts functionality offered as part of the SCC, and quite possibly the advanced alerts/actions offered with ASM/CAS licenses. Some third-party vendors also offer alerting based on the audit events in the Azure AD audit log.
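The kind of check discussed in this thread (trusted IP ranges plus a flag for sign-ins from an unusual country) can be sketched over exported sign-in records. This is an added example, not part of any reply above and not Microsoft's detection logic; the record field names, the trusted ranges and the sample data are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed trusted ranges (documentation address blocks), standing in for
# the known IP ranges an admin would define as trusted locations.
TRUSTED = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8:10::/48")]

# Constructed sign-in records; field names are hypothetical, not an export schema.
SAMPLE = [
    {"time": "2024-05-01T08:02:11Z", "user": "alice@example.com", "ip": "192.0.2.15", "country": "US"},
    {"time": "2024-05-01T08:40:00Z", "user": "bob@example.com", "ip": "198.51.100.7", "country": "US"},
    {"time": "2024-05-02T09:10:45Z", "user": "alice@example.com", "ip": "203.0.113.50", "country": "CN"},
    {"time": "2024-05-02T09:30:00Z", "user": "bob@example.com", "ip": "198.51.100.9", "country": "US"},
    {"time": "2024-05-03T07:00:00Z", "user": "carol@example.com", "ip": "not-an-ip", "country": "US"},
    {"time": "2024-05-04T11:00:00Z", "user": "alice@example.com", "ip": "203.0.113.51", "country": "CN"},
    {"time": "2024-05-05T12:00:00Z", "user": "alice@example.com", "ip": "2001:db8:10::5", "country": "DE"},
]

def flag_signins(events, trusted=TRUSTED):
    """Return (time, user, ip, reason) tuples for sign-ins that deserve a look."""
    seen = defaultdict(set)  # user -> countries accepted as normal so far
    alerts = []
    for e in sorted(events, key=lambda e: e["time"]):
        try:
            ip = ipaddress.ip_address(e["ip"])
        except ValueError:
            alerts.append((e["time"], e["user"], e["ip"], "invalid_ip"))
            continue
        baseline = seen[e["user"]]
        if any(ip in net for net in trusted) or not baseline:
            # Trusted range, or the first record for this user: learn the
            # country as normal and raise no alert.
            baseline.add(e["country"])
        elif e["country"] not in baseline:
            # The country is deliberately not added to the baseline, so
            # repeated sign-ins from it keep alerting until someone reviews.
            alerts.append((e["time"], e["user"], e["ip"], "new_country"))
    return alerts

if __name__ == "__main__":
    for alert in flag_signins(SAMPLE):
        print(*alert)
```

Because the first record for each user seeds the baseline silently, a check like this needs a clean history window before its alerts mean anything.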
