Unusual sign-in activity

One of my users has received an email in his inbox.
We detected something unusual about a recent sign-in to the Microsoft account
Country/region: United Kingdom
IP address: X.X.X.X (some public IP)
Date: 5/26/2018
Platform: Windows
The user is in India; he says someone might have tried to log in from the UK.

Auditing is enabled on his mailbox. How do I troubleshoot further? I have a requirement to get the logs from Exchange; how do I get the logs?

6 Replies
You can look at the Audit Logs for logins in the Security & Compliance Center or in Azure AD. You should also consider activating Cloud App Security.
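
One way to pull the sign-in and mailbox audit records this reply points to, from Exchange Online PowerShell (an added example, not part of the original thread). It assumes the mailbox belongs to an Office 365 account in a tenant with unified audit logging enabled and that a session is already connected; the UPN, the date window and the output path are placeholders.

```powershell
# Added example; assumes a connected Exchange Online PowerShell session.
$User    = 'user@example.com'     # placeholder UPN (assumption)
$AlertIp = 'X.X.X.X'              # IP from the alert e-mail (elided in the post)
$Start   = Get-Date '2018-05-24'  # window around the alert date, 5/26/2018
$End     = Get-Date '2018-05-29'

# Flatten one unified-audit-log record; AuditData is a JSON string.
function ConvertTo-ReviewRow($Record, $Source) {
    $d = $Record.AuditData | ConvertFrom-Json
    # Azure AD sign-ins carry ClientIP; mailbox events carry ClientIPAddress.
    $ip = if ($d.ClientIP) { $d.ClientIP } else { $d.ClientIPAddress }
    [pscustomobject]@{
        TimeUtc   = $Record.CreationDate
        Source    = $Source
        Operation = $d.Operation
        ClientIP  = $ip
        Result    = $d.ResultStatus
    }
}

$common = @{ StartDate = $Start; EndDate = $End; UserIds = $User; ResultSize = 5000 }

# 1) Azure AD sign-ins for the user, successful and failed.
$signIns = Search-UnifiedAuditLog @common -Operations UserLoggedIn, UserLoginFailed |
    ForEach-Object { ConvertTo-ReviewRow $_ 'SignIn' }

# 2) Mailbox audit events (item access, send, delete) recorded for the user.
$mailbox = Search-UnifiedAuditLog @common -RecordType ExchangeItem |
    ForEach-Object { ConvertTo-ReviewRow $_ 'Mailbox' }

$all = @($signIns) + @($mailbox) | Sort-Object TimeUtc

# Which source addresses were used, and how often.
$all | Group-Object ClientIP | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# Events from the alerted address; mailbox records may append ":port".
$hits = $all | Where-Object { $_.ClientIP -like "$AlertIp*" }
$hits | Format-Table -AutoSize

# Keep a copy of the full window for the record.
$all | Export-Csv -NoTypeInformation -Path .\signin-review.csv
```
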

Did you verify that this message isn't a phishing attempt?

Yes, this message is not a phishing attempt.

That was not me
I know this was a question about a Microsoft Account, but do you know if this functionality (We detected something unusual...) is available for Office 365 accounts? We have an E3 licence.
Your O365 accounts are stored in Azure AD and all of the auditing tools for that directory are available for O365. You may also be interested in using Office Cloud App Security, which provides extensive capabilities for analyzing activity performed by all of your accounts; see https://docs.microsoft.com/en-us/cloud-app-security/what-is-cloud-app-security