cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How can I determine or make an alert if a mailbox is accessed from another geolocation?

%3CLINGO-SUB%20id%3D%22lingo-sub-1565660%22%20slang%3D%22en-US%22%3EHow%20can%20I%20determine%20or%20make%20an%20alert%20if%20a%20mailbox%20is%20accessed%20from%20another%20geolocation%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1565660%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20trying%20to%20see%20if%20there's%20a%20way%20for%20me%20to%20identify%20if%20a%20user's%20mailbox%20has%20been%20access%20from%20a%20different%20geolocation%20and%20create%20an%20alert%20for%20it%20so%20as%20to%20identify%20if%20the%20mailbox%20is%20being%20accessed%20by%20a%20fraud.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1565660%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdmin%20center%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1565777%22%20slang%3D%22en-US%22%3ERe%3A%20How%20can%20I%20determine%20or%20make%20an%20alert%20if%20a%20mailbox%20is%20accessed%20from%20another%20geolocation%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1565777%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F749323%22%20target%3D%22_blank%22%3E%40Jorel_ReachOutIT%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3EHi%20Jorel%2C%3CBR%20%2F%3EAssuming%20that%20you%20have%20a%20Microsoft365%20subscription%2C%20you%20can%20use%26nbsp%3BAzure%20AD%20Identity%20Protection%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fidentity-protection%2Foverview-identity-protection%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fidentity-protection%2Foverview-identity-protection%3C%2FA%3E%3CBR%20%2F%3EIf%20its%20with%20an%20on%20premises%20environment%2C%20you%20will%20use%20a%20VPN%20solution%2C%20then%20you%20should%20check%20the%20documentation%20if%20you%20can%20create%20alerts.%3CBR%20%2F%3Eregards%3CBR%20%2F%3EGuido%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1566651%22%20slang%3D%22en-US%22%3ERe%3A%20How%20can%20I%20determine%20or%20make%20an%20alert%20if%20a%20mailbox%20is%20accessed%20from%20another%20geolocation%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1566651%22%20slang%3D%22en-US%22%3E%3CP%3EYou%20cannot%20do%20this%20with%20the%20%22basic%22%20alerting%20functionality%20we%20have%20in%20the%20SCC%2C%20but%20should%20be%20possible%20if%20you%20have%20MCAS%20licenses.%20You%20will%20have%20to%20define%20all%20the%20%22internal%22%20or%20%22known%22%20locations%20for%20this%20to%20work%20though.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Jorel_ReachOutIT
Visitor

‎Aug 04 2020 10:56 AM

‎Aug 04 2020 10:56 AM

How can I determine or make an alert if a mailbox is accessed from another geolocation?

I'm trying to see if there's a way for me to identify if a user's mailbox has been access from a different geolocation and create an alert for it so as to identify if the mailbox is being accessed by a fraud.

Labels:
264 Views
0 Likes
2 Replies
Reply
2 Replies
Guido van Dijk

‎Aug 04 2020 11:40 AM

‎Aug 04 2020 11:40 AM

Re: How can I determine or make an alert if a mailbox is accessed from another geolocation?

@Jorel_ReachOutIT 
Hi Jorel,
Assuming that you have a Microsoft365 subscription, you can use Azure AD Identity Protection
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protec...
If its with an on premises environment, you will use a VPN solution, then you should check the documentation if you can create alerts.
regards
Guido

1 Like
Reply
Vasil Michev

‎Aug 05 2020 12:10 AM

‎Aug 05 2020 12:10 AM

Re: How can I determine or make an alert if a mailbox is accessed from another geolocation?

You cannot do this with the "basic" alerting functionality we have in the SCC, but should be possible if you have MCAS licenses. You will have to define all the "internal" or "known" locations for this to work though. 

1 Like
Reply