Suspicious Login Reports and Alerts
Microsoft needs to include FREE reporting and alerts to paying Office 365 subscribers. Apparently the Azure reports that would be useful to Office 365 subscribers require a paid subscription (according to the 2 tickets I put in with Azure support).
The Office 365 audit log is a mess and doesn't give a clear picture of all suspicious activity for all users at a glance, e.g. logins from multiple geographies.
Ideally, admins would be able to get alerts based on suspicious activity. We've had several users' accounts get hacked and we've had no idea. People were logging in from all over the world. A simple alert or report would have saved us a lot of headache.
It's a MUST!
Yes, focus needs to be on security, not adding new useless features. I'd like reporting anytime a user with admin level permissions logs in from a new IP location that has not been used in the past 60 days.
I'd like also anytime a new IP address is present in the last 60 days for there to be an alert.
This seems like a real need. O365 better up their game in the security department. Based on security, Google is kicking your rear.
Dan Stockman commented
I can't believe we don't have a simple fix for this and why are there not 10K+ comments here. We are trying to go with MFA for all but there are always holes.... I have clients being hacked by Russia, Brazil, etc... and nothing is being done. The shared email accounts are the worst as we don't have MFA set up on those. I would think an alert should go to the company administrators if suddenly an account randomly has xx failed login attempts, or randomly an international IP attempted to log in for the first time ever, or even as simple as a thousand outbound messages with exact same scam link are identified. We don't need advanced AI here.... just some simple programming I would think could easily fix this mess.
Joe Lalgee commented
Alert for international login please.
Jesper Rasmussen commented
+3 here. This should in 2019 be a default feature!
Bill Gates commented
go to the cloud because it's secure so claims microsloth and doodle and other ********* companies with limited to no security mindset. OH what you want to monitor activity? Oh well that's extra!! Yeah ******** microsoft you pos. Cloud isn't secure, it's a gaping hole!!!
As an O365/Azure administrator it is my job to know of a compromised account immediately or about a suspicious login. We upgraded to a paid version (P2) in hopes of finding out about these types of issues immediately but it has not been very successful in delivering on the promise. We would like to be able to get the alert immediately when sign-ins are happening from regions we have no business in and/or any suspicious activity for that matter. So I absolutely agree with the others on this board that the alerting and reporting needs to be improved drastically to justify the price per user.
Tim Whitney commented
Not knowing someone is using their Desktop Outlook - while someone else (hacker) is using the online Outlook is a serious security problem. Hacker was able to selectively hide emails and managed to access a bank account. Neither the Admin nor User knew this was happening on 5/16/19. Need Alert Policy for Login with Outlook Online being used - ASAP!
Google has this functionality even in free accounts!
I have purchased 10 P1 licenses, and even after making a conditional access policy, it is still a messy mess, and I still only discovered a hacked mail account because of the forwarding rule alert. We need to know ASAP, we need a text message on our phones as soon as a logon breach is suspected. Yes, I can look at IMAP failures and I can see hundreds of scripted attempted logons from China, Brazil, Russia, etc... but what about logons from browser/O365 portal? One account hacked from Lagos. I needed to know that at the time, late at night, in the early hours of the morning, whenever. Give us the tools we need. Make it simple. I even purchased the licenses and still it doesn't offer security.
bob cleary commented
I am going to add my voice to this request. It is needed and a sore spot for many of my clients that use Office 365. Having the alert to know when there is a logon attempt from a previously unknown IP would be a great feature and an additional selling point.
Jon Rubow commented
+1 on this. I would love a quick alert of suspicious logins so I don't have to monitor a board all day.
Cristian Rodriguez commented
Please include in O365 the functionality to create and edit policy alerts about impossible travel.
Thanks for your attention.
This should be included by default as part of the service provided.
Jim Hill commented
This is a much-needed feature. As a system admin I have a hard time believing that it isn't a built-in feature.
Alan Rae commented
I have a user that was unexpectedly getting MFA verification code text messages in the middle of the night. But to find out where the authorization request is coming from requires a paid feature upgrade (Azure AD P1 or P2). I'm completely dismayed. I expect Microsoft to provide a significant level of tooling in all SKUs to ensure users of its Office 365 platform are confident in the security.
Suspicious user login alerts to users and administrator
Tyler Miller commented
Agree! I am looking for the exact same thing. Has anyone found a 3rd party solution for reporting?