cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

IP addresses and Risky Login

LeighZTech
Copper Contributor

‎Apr 16 2019 08:42 AM

‎Apr 16 2019 08:42 AM

IP addresses and Risky Login

Good Morning, I am responsible for running Secure Score Reports for our clients. I was running down "suspicious" logins and when I reached out to our client's users asking if they were in XXX at YYY date and ZZZ time, I am generally being told they were not in that location. One user was in Jacksonville Florida and is showing IPs based out of Orlando and Mobile. I am at a loss in determining if these logins are legitimate or not. The information in the report indicates there was MFA. Is there a way to get a list of IP addresses that O365/Azure use for Multifactor Authentication? Please advise and thank you!
1,330 Views
0 Likes
2 Replies
Reply
2 Replies
Vasil Michev

‎Apr 16 2019 10:22 AM

‎Apr 16 2019 10:22 AM

Re: IP addresses and Risky Login

You know that IP-based geolocation is hardly an exact science, right? The IP ranges should be included in the generic O365 URLs and IP ranges article, they are the *.phonefactor.com ones.

0 Likes
Reply
LeighZTech

‎Apr 16 2019 10:49 AM

‎Apr 16 2019 10:49 AM

Re: IP addresses and Risky Login

Good Afternoon Vasil,

 

I know it isn't an exact science, I am just wanting to verify these IPs are MFA and not something nefarious.

 

Leigh

0 Likes
Reply