SOLVED

OWA connection logs

%3CLINGO-SUB%20id%3D%22lingo-sub-1059638%22%20slang%3D%22en-US%22%3EOWA%20connection%20logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1059638%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20all%2C%3C%2FP%3E%3CP%3Ewe%20have%20a%20user%20with%20a%20compromised%20email%20address.%3C%2FP%3E%3CP%3EIs%20there%20any%20way%20I%20can%20get%20%22connection%20logs%22%20for%20this%20user%3F%3C%2FP%3E%3CP%3EUser%20was%20using%20OWA.%3C%2FP%3E%3CP%3EKind%20regards%2C%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1059638%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3E2016%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1059682%22%20slang%3D%22en-US%22%3ERe%3A%20OWA%20connection%20logs%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1059682%22%20slang%3D%22en-US%22%3EHi!%3CBR%20%2F%3E%3CBR%20%2F%3ESee%20here%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Fresponding-to-a-compromised-email-account%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Fresponding-to-a-compromised-email-account%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3ECheck%20the%20audit%20log%20in%20the%20365%20security%20and%20compliance%20centre%20and%20sign%20in%20logs%20in%20Azure%20AD%3CBR%20%2F%3E%3CBR%20%2F%3EHope%20that%20answers%20your%20question%3CBR%20%2F%3E%3CBR%20%2F%3EBest%2C%20Chris%3C%2FLINGO-BODY%3E
Highlighted
Contributor

Hi all,

we have a user with a compromised email address.

Is there any way I can get "connection logs" for this user?

User was using OWA.

Kind regards,

1 Reply
Highlighted
Best Response confirmed by DiVojich (Contributor)
Solution
Hi!

See here

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/responding-to-a-compromi...

Check the audit log in the 365 security and compliance centre and sign in logs in Azure AD

Hope that answers your question

Best, Chris