Hello,

Looking at our Risky Sign-Ins > Sign-in Events, we noticed a large number of successful sign-ins from a potentially malicious IP for the "Office 365 Exchange Online" application.

We host Exchange on premise and have no OWA. Users would get error 500 if trying to login to outlook.office365.com.

Any insights on what this successful login could be?

Thanks