Hello,
AAD sign-in report is available. Hope, that helps.
Please mark as "Accept the answer" if the above steps helps you. Others with similar issues can also follow the solution as per your suggestion
Regards,
Manu
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I have a user that is failing authentication to exchange online and I'm seeing the attempts in AAD sign in logs. The user isn't experiencing any issues on the PC they are currently using so I believe another system is the issue. The main issue is that the AAD log only shows the the IP of my public IP and not the IP of the PC where failed auth is originating from. Does anyone know of a way to correlate a failed AAD auth back to the PC it originated from in this scenario? Are there any local logs on the PC that i could query that would also say an auth failed (I have ability to get windows event logs and other local logs)?
Hello,
AAD sign-in report is available. Hope, that helps.
Please mark as "Accept the answer" if the above steps helps you. Others with similar issues can also follow the solution as per your suggestion
Regards,
Manu
If you have concerns about unauthorized logins, you could improve your security by setting up multi-factor authentication for your users.
Dealing with high number of failed log on attempts from foreign countries utilizing Exchange Online:
https://techcommunity.microsoft.com/t5/exchange/dealing-with-high-number-of-failed-log-on-attempts-from-foreign/m-p/91325
Audit activity reports in the Azure Active Directory portal:
https://video2.skills-academy.com/en-us/azure/active-directory/reports-monitoring/concept-audit-logs
You can also try, Lepide Azure AD Auditor - to spot when a large number of failed logons are occurring which could indicate a brute force attack.