Educause Security Discussion mailing list archives

Spike in O365 risky "unfamiliar" sign-ins?

From: "Jim A. Bole" <jbole () STEVENSON EDU>
Date: Fri, 13 Sep 2019 14:25:08 +0000

In the past 24 hours we saw a spike in "unfamiliar" sign-in alerts on our O365 tenant.

We are still investigating, but we have some indications in might be due to Microsoft's recent change in their 
algorithm:

https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Presenting-the-new-Unfamiliar-Sign-in-Properties/ba-p/779978

Is anyone else seeing this?


Jim Bole
Director of Information Security
Stevenson University
1525 Greenspring Valley Road
Stevenson, MD, 21153-0641
jbole () stevenson edu | O: 443-334-2696



**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

<<attachment: winmail.dat>>

Current thread:

Spike in O365 risky "unfamiliar" sign-ins? Jim A. Bole (Sep 13)
- Re: Spike in O365 risky "unfamiliar" sign-ins? Huang, Maria (Sep 13)
- Re: Spike in O365 risky "unfamiliar" sign-ins? Hart, Michael (Sep 13)
  - Re: Spike in O365 risky "unfamiliar" sign-ins? Jim A. Bole (Sep 13)
    - Re: Spike in O365 risky "unfamiliar" sign-ins? Turnbull, Colin (Sep 13)
    - Re: Spike in O365 risky "unfamiliar" sign-ins? Sonder, Henk E. (Sep 13)
    - Re: Spike in O365 risky "unfamiliar" sign-ins? Frank Barton (Sep 20)
    - Re: Spike in O365 risky "unfamiliar" sign-ins? Brandon Hume (Sep 20)
- Re: Spike in O365 risky "unfamiliar" sign-ins? Josh Grier (Sep 13)
- <Possible follow-ups>
- Re: Spike in O365 risky "unfamiliar" sign-ins? Theodore J. August (Sep 14)
  - Re: Spike in O365 risky "unfamiliar" sign-ins? Jim A. Bole (Sep 16)