I have noticed on Cloud App security activity logs Microsoft own IP addreses generating activity logs and interacting with Sharepoint and other apps, these IPs are located outside of US, and we dont have any offices there. There is never a login audit log generated. It seems this is a type of background processing from Microsoft. I would like to know the reason behind Microsoft performing these activity and why it is not whitelisted/removed from audit logs to prevent false positives and confusion.