Feedback by UserVoice

How can we improve compliance or protect your users better in Office 365?

Suspicious Login Reports and Alerts

Microsoft needs to include FREE reporting and alerts to paying office 365 subscribers. Apparently the azure reports that would be useful to office 365 subscribers require a paid subscription (according to the 2 tickets I put in with azure support)
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-view-access-usage-reports.

The office 365 audit log is a mess and doesn't give a clear picture of all suspicious activity for all users at a glance, e.g. logins from multiple geographies.

Ideally, admins would be able to get alerts based on suspicious activity. We've had several users accounts get hacked and we've had no idea. People were logging in from all over the world. A simple alert or report would have saved us a lot of headache.

252 votes
Vote
Sign in
(thinking…)
Password icon
Signed in as (Sign out)
You have left! (?) (thinking…)
Jim K shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

11 comments

Sign in
(thinking…)
Password icon
Signed in as (Sign out)
Submitting...
  • Jon Rubow commented  ·   ·  Flag as inappropriate

    +1 on this. I would love a quick alert of suspicious logins so I don't have to monitor a board all day.

  • Cristian Rodriguez commented  ·   ·  Flag as inappropriate

    Good morning.

    Please include in O365 the functionality to create and edit policy alerts about impossible travel.

    Thanks for your attention.

  • Jim Hill commented  ·   ·  Flag as inappropriate

    This is a much needed feature. As a system admin I have a hard time believing that it isn't a built in feature.

  • Anonymous commented  ·   ·  Flag as inappropriate

    I have a user that was unexpectedly getting MFA verification code text messages in the middle of the night. But to find out where the authorization request is coming from requires a paid feature upgrade (Azure AD P1 or P2). I'm completely dismayed. I expect Microsoft to provide significant level of tooling in all SKUs to ensure users of its Office 365 platform are confident in the security.

  • Tyler Miller commented  ·   ·  Flag as inappropriate

    Agree! I am looking for the exact same thing. Has anyone found a 3rd party solution for reporting?

  • WLF Admin commented  ·   ·  Flag as inappropriate

    I've spent dozens of hours trying to work out hacks that would have taken me just a few minutes with Kerio Connect. What on earth are we paying for if we cannot deal with basic security?

  • Casey M commented  ·   ·  Flag as inappropriate

    i agree with this statement, i'm running into this problem as well. I could understand some of the "automated" features they are wanting to be a paid portion, but being able to check and have notifications that a users account is being used from a wildly different geographic location should be part of the O365 service as is.

  • Jim K commented  ·   ·  Flag as inappropriate

    Also, like Google already does, an email should be sent to the recipient when there is a new login from a device. This should at least be a configurable setting for admins. There is literally no "turned on by default" security measure in place for office 365. Users give up their credentials in phishing attempts all the time. We need more measure in place for admins to combat these issues.

Feedback and Knowledge Base