Query on MCAS Unsanctioned application | Microsoft Live(IT services)

Brass Contributor
Recently I received a security Incident on my Microsoft Cloud Application Security(MCAS) portal Data exfiltration to an app that is not sanctioned When I drilled down, I found Microsoft Live application 

 

Deepanshu_Marwah_0-1627957604122.png

 

 

Can anyone help me understand what is this application and why its showing data exfiltration incident?

 

Also posted this query on azure - Query on MCAS Unsanctioned application | Microsoft Live(IT services) - Stack Overflow

1 Reply
If I am not mistaken live is the Microsoft email portal, outlook.live.com. Someone could have signed in with their corporate credentials and uploaded information. Do you have webmail enabled?