Jun 08 2022 04:57 AM - edited Jun 08 2022 05:24 AM
Hi everyone,
I don't know if anyone has had this problem. My problem is that when this rule is detected the same user is always triggered when trying to connect to the "Office 365 Exchange Online" application from a mobile phone and the client application "Exchange ActiveSync".
This rule monitors high login attempts from different locations over a period of time of 1 day.
We know that this is a false positive, as this is a field technician, and we have checked with the user to verify these actions.
As a solution, we have taken the following actions to prevent the alert from being triggered:
-Logging out of the application login and logging back in.
But the problem persists, I don't know what else to do or what other mitigations I can see with the user.
I have looked at the login table and only see that the error is thrown when connecting to the "Office 365 Exchange Online" application.
Any ideas?
Regards.
Dec 08 2022 05:50 AM
@Chris_321, I see its been few months already for your question. Have you resolved this issue?
I am also facing this issue. I see that few specific users only this rule is firing up every day. Its strange that its only for specific users and not random or multiple users
Feb 08 2023 10:10 AM - edited Feb 08 2023 10:11 AM
Hi!!!@bsukalp
Sorry for the delay. I was doing some research with the customer and as a solution for me the application was removed and reinstalled again for that user. It seems like it had stuck with an old password and was kind of internally trying to log in all the time.