Hi all,
I have been utilizing the Office 365 Cloud App Security for a while and it is great. Just on thing that keeps on happening and i cannot seem to figure it out.
We keep on getting a lot of alerts that on different user accounts that there have multiple failed login attempts. But when i look into those alerts, it is an internal IP.
When i ask the user, they mention that they weren't even entering their password at the time.
Im beginning to think that because we have MFA configure it may be causing multiple login attempts? am i on the right track here?
or is there a way in the alert for me to get a device id so i can see what the device that is triggering the alert is.
Can anyone assist me with this?
Thankss in advance!
Leibish Ringel