May 10 2024 05:30 AM
In noninteractivesigninlogs, we're seeing a bunch of attempts made to sign in to our admin accounts rejected with error codes 500131 and 500133 coming from 4.231.207.170 and 2a01:111:f400:fe13::100 (Microsoft datacentre IPs), device type "Windows 10", Resources are ComplianceAuthServer/Office 365 Exchange Online.
What are we seeing here, is this a misconfiguration on the Microsoft side, or an attack?