Unusual sign-in activity

Frequent Contributor

one of my user has received an email in his inbox.
We detected something unusual about a recent sign-in to the Microsoft account
Country/region: United Kingdom
IP address: X.X.X.X(some public ip
Date: 5/26/2018 
Platform: Windows
The user is in india, he says someone might have tried to login from UK.

Auditing is enabled on his mailbox, how do i troubleshoot further. i have a requirement to get the logs from exchange, how do i get the logs

6 Replies
You can look at the Audit Logs for logins in the Security & Compliance Center or in Azure AD. You should also consider activating Cloud App Security.

Did you verify that this message isn't a phishing attempt?


yes this message is not a phishing attempt

That was not me
I know this was a question about a Microsoft Account, but do you know if this functionality (We detected something unusual...) is available for Office 365 accounts? We have a E3 licence.

Your O365 accounts are stored in Azure AD and all of the auditing tools for that directory are available for O365. You may also be interested in using Office Cloud App Security which provides extensive capabilities for analyzing activity performed by all of your accounts , see https://docs.microsoft.com/en-us/cloud-app-security/what-is-cloud-app-security