It is also common to see these as non-interactive sign ins.
I am trying to understand why there would be a sign in from a Microsoft Exchange Online IP address to one of our accounts that would be attempting to use a token from a users client as per the error message reported?
Is there a service running in Exchange Online I am not aware of that signs in on the users behalf? Why would it be using a token granted to a users device?
I have also noticed consistent activity from these IP addresses in Cloud App Security.
Any help or clarification would be greatly appreciated!