Oct 26 2020
09:44 PM
- last edited on
May 24 2021
02:11 PM
by
TechCommunityAP
Oct 26 2020
09:44 PM
- last edited on
May 24 2021
02:11 PM
by
TechCommunityAP
Hi Guys, Good day. I have been observing a few false-positive Risky SignIn alerts involving a few of my company users and all these detections come up with a new IP (3.x.x.x) from the Zoom pool of addresses and SignIn Client is: ZOOMROOMS (ExchangeServicesClient/0.0.0.0)
After investigating the issue with Zoom and Microsoft support, it was identified the majority of our Zoom Rooms are using API calendar and generating the API calendar calls. This would most likely generate that log since our zoom rooms software regularly pulls information from the calendar resource to display on its screen.
Zoom advised to whitelist their IP ranges in Azure using conditional access policies but it seems these IPs are also being used by other clients. Wondering if anyone had the same situation and added the vendor IPs Zoom, ZScaler to the whitelist in conditional access policies. I am only concerned about the below:
Thanks
Oct 27 2020 01:38 AM