Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

Service account with weird travel habits

Iron Contributor

We have a service account used by an application. Our data center is in West Europe, and I would expect all logins by the service account to occur from there, so I am puzzled why I receive email alerts about "User at risk" showing that the service account logs in from different places around the world: Hong Kong, Istanbul, Sao Paulo etc. Before I panic, I want to hear if the behavior can be explained as being innocent and normal?

1 Reply
best response confirmed by Jakob Rohde (Iron Contributor)
Solution

Hello!@Jakob Rohde 

 

That really depends on what resorces the service account is used for.

Is it used for any other SaaS apps other than Microsoft, that could have their resources in these locations? 

The IP Addresses, that are logged from these locations, are they familiar to you? 

 

This isn't usual behavior from my experience, if you dont, like I said earlier, have worloads that could be located in these areas. 

 

I suggest doing some more investigation on the IP addresses used, and also change the Password ( if it's not to much of a hassle for you ) 

 

Kind Regards
Oliwer 

1 best response

Accepted Solutions
best response confirmed by Jakob Rohde (Iron Contributor)
Solution

Hello!@Jakob Rohde 

 

That really depends on what resorces the service account is used for.

Is it used for any other SaaS apps other than Microsoft, that could have their resources in these locations? 

The IP Addresses, that are logged from these locations, are they familiar to you? 

 

This isn't usual behavior from my experience, if you dont, like I said earlier, have worloads that could be located in these areas. 

 

I suggest doing some more investigation on the IP addresses used, and also change the Password ( if it's not to much of a hassle for you ) 

 

Kind Regards
Oliwer 

View solution in original post