Log protocol rejections in Exchange Audit Log
Azure AD logs the protocol authentication as successful and there is no protocol rejection logged in Exchange. This makes it very hard to prove the system was NOT accessed from an investigation perspective. This should be addressed my Microsoft ASAP. From a Security perspective, there is value in knowing about connections which are denied to a system as this could indicate an attack.