Educause Security Discussion mailing list archives
Re: Spike in O365 risky "unfamiliar" sign-ins?
From: Josh Grier <jgrier () WESTERN EDU>
Date: Fri, 13 Sep 2019 14:36:01 +0000
Jim, I just took a look at our sign-ins and I'm seeing a lot of unfamiliar locations, mostly South Korea, but all of the listed IP's are owned by Microsoft. Josh Grier Information Technology Services Western Colorado University 970.943.3107 From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Jim A. Bole Sent: Friday, September 13, 2019 8:25 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Spike in O365 risky "unfamiliar" sign-ins? NOTICE: This email originated from outside of the University. Do not click links or open attachments unless you recognize the sender and know the content is safe. Thank you, Western IT Services. In the past 24 hours we saw a spike in "unfamiliar" sign-in alerts on our O365 tenant. We are still investigating, but we have some indications in might be due to Microsoft's recent change in their algorithm: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Presenting-the-new-Unfamiliar-Sign-in-Properties/ba-p/779978 Is anyone else seeing this? Jim Bole Director of Information Security Stevenson University 1525 Greenspring Valley Road Stevenson, MD, 21153-0641 jbole () stevenson edu<mailto:jbole () stevenson edu> | O: 443-334-2696 ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Spike in O365 risky "unfamiliar" sign-ins? Jim A. Bole (Sep 13)
- Re: Spike in O365 risky "unfamiliar" sign-ins? Huang, Maria (Sep 13)
- Re: Spike in O365 risky "unfamiliar" sign-ins? Hart, Michael (Sep 13)
- Re: Spike in O365 risky "unfamiliar" sign-ins? Jim A. Bole (Sep 13)
- Re: Spike in O365 risky "unfamiliar" sign-ins? Turnbull, Colin (Sep 13)
- Re: Spike in O365 risky "unfamiliar" sign-ins? Sonder, Henk E. (Sep 13)
- Re: Spike in O365 risky "unfamiliar" sign-ins? Frank Barton (Sep 20)
- Re: Spike in O365 risky "unfamiliar" sign-ins? Brandon Hume (Sep 20)
- Re: Spike in O365 risky "unfamiliar" sign-ins? Jim A. Bole (Sep 13)
- <Possible follow-ups>
- Re: Spike in O365 risky "unfamiliar" sign-ins? Theodore J. August (Sep 14)
- Re: Spike in O365 risky "unfamiliar" sign-ins? Jim A. Bole (Sep 16)