Risky Sign-In Capture for Email Client

%3CLINGO-SUB%20id%3D%22lingo-sub-1292998%22%20slang%3D%22en-US%22%3ERisky%20Sign-In%20Capture%20for%20Email%20Client%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1292998%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3CBR%20%2F%3E%3CBR%20%2F%3EIf%20the%20%22fraudster%22%20somehow%20managed%20to%20set%20up%20the%20user%20account%20in%20an%20email%20client%2C%20without%20anyone%20noticing%20it.%20And%20the%20account%20is%20already%20in-sync%20with%20the%20Exchange%20server.%3CBR%20%2F%3E%3CBR%20%2F%3EWill%20the%20risky%20sign-in%20features%20track%20such%20scenario%3F%20Since%20he%20no%20longer%20required%20to%20perform%20the%20manual%20%22sign-in%22%20process.%3CBR%20%2F%3E%3CBR%20%2F%3EThanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1292998%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1294345%22%20slang%3D%22en-US%22%3ERe%3A%20Risky%20Sign-In%20Capture%20for%20Email%20Client%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1294345%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F573218%22%20target%3D%22_blank%22%3E%40cllee%3C%2FA%3E%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20always%20capture%20whether%20from%20Risky%20sign%20in%20or%20cloud%20app%20security.%20You%20can%20easily%20find%20out%20from%20MCAS%20if%20you%20know%20the%20user.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20you%20are%20asking%20about%20notification%20via%20email%2C%20it%20will%20notify%20you%20anytime%20accessing%20from%20unfamiliar%20location.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESorry%20if%20I%E2%80%99m%20not%20understanding%20the%20scenario%20correctly!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHope%20this%20helps!%3CBR%20%2F%3E%26nbsp%3BMoe%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

Hi,

If the "fraudster" somehow managed to set up the user account in an email client, without anyone noticing it. And the account is already in-sync with the Exchange server.

Will the risky sign-in features track such scenario? Since he no longer required to perform the manual "sign-in" process.

Thanks.

1 Reply

@cllee,

 

It always capture whether from Risky sign in or cloud app security. You can easily find out from MCAS if you know the user.

 

If you are asking about notification via email, it will notify you anytime accessing from unfamiliar location.

 

Sorry if I’m not understanding the scenario correctly!

 

Hope this helps!
 Moe