Security Notifications based on Sign-In Location
Regarding Security Notifications based on Sign-In Location, we recently got compromised and found the best way to locate compromised accounts was to log into Azure Active Directory > Sign-Ins and sift through users sign-in locations, where we came to find a handful of users had given their credentials to phishing emails and therefore were now compromised, logging in from remote countries where we have no business ties.
It doesn’t look like there’s a way to actually turn on any alerting to send to Email/SMS for these kinds of alerts to Office 365/Azure Administrators, yet. It would be very useful to receive alerts when a certain filter has been met, such as someone logging into O365 services in Nigeria for instance.
Thanks for your consideration.
Do you have access to Office 365 Cloud App Security in E5? This has the capabilities you are seeking, although it is on a higher priced plan.
Neil Speer commented
Same thing has happened to me (the latest breach was 4/3/2018), with three different accounts, one of which had MFA enabled. Judging by the date of the initial post (7/18/2017) and the lack of any progress (let alone response!) towards a resolution, it's difficult to come to any other conclusion other than this simply is not a priority for Microsoft. These posts will only serve as proof (following a high-profile O365 account that becomes compromised) that while MS had been notified of the issue, no action was taken to notify the administrator when an account has likely been compromised and used for exploitative purposes - All at the expense of the account holder's (and company's) reputation, but not Microsoft's. Very disappointing.