Suspicious Login Reports and Alerts
Microsoft needs to include FREE reporting and alerts to paying office 365 subscribers. Apparently the azure reports that would be useful to office 365 subscribers require a paid subscription (according to the 2 tickets I put in with azure support)
The office 365 audit log is a mess and doesn't give a clear picture of all suspicious activity for all users at a glance, e.g. logins from multiple geographies.
Ideally, admins would be able to get alerts based on suspicious activity. We've had several users accounts get hacked and we've had no idea. People were logging in from all over the world. A simple alert or report would have saved us a lot of headache.
Jim Hill commented
This is a much needed feature. As a system admin I have a hard time believing that it isn't a built in feature.
Alan Rae commented
I have a user that was unexpectedly getting MFA verification code text messages in the middle of the night. But to find out where the authorization request is coming from requires a paid feature upgrade (Azure AD P1 or P2). I'm completely dismayed. I expect Microsoft to provide significant level of tooling in all SKUs to ensure users of its Office 365 platform are confident in the security.
Suspicious user login alters to users and administrator
Tyler Miller commented
Agree! I am looking for the exact same thing. Has anyone found a 3rd party solution for reporting?
WLF Admin commented
I've spent dozens of hours trying to work out hacks that would have taken me just a few minutes with Kerio Connect. What on earth are we paying for if we cannot deal with basic security?
Casey M commented
i agree with this statement, i'm running into this problem as well. I could understand some of the "automated" features they are wanting to be a paid portion, but being able to check and have notifications that a users account is being used from a wildly different geographic location should be part of the O365 service as is.
Jim K commented
Also, like Google already does, an email should be sent to the recipient when there is a new login from a device. This should at least be a configurable setting for admins. There is literally no "turned on by default" security measure in place for office 365. Users give up their credentials in phishing attempts all the time. We need more measure in place for admins to combat these issues.