Multiple Failed Login attempt alerts

Hi all,

I have been utilizing the Office 365 Cloud App Security for a while and it is great. Just on thing that keeps on happening and i cannot seem to figure it out.

We keep on getting a lot of alerts that on different user accounts that there have multiple failed login attempts. But when i look into those alerts, it is an internal IP.

When i ask the user, they mention that they weren't even entering their password at the time.

Im beginning to think that because we have MFA configure it may be causing multiple login attempts? am i on the right track here?

or is there a way in the alert for me to get a device id so i can see what the device that is triggering the alert is.

Can anyone assist me with this?

Thankss in advance!

Leibish Ringel

This thread is locked. You can vote as helpful, but you cannot reply or subscribe to this thread.

Replies (1)

A. User

Hi Danielle.clark,

Unfortunately, all you can see is the entry shown in the activity log, which does not have a device ID. So you can't view that. However, it is great if the device ID can be obtained. You can submit your idea in the dedicated Cloud App Security uservoice forum. Here is the link for you:

https://microsoftsecurity.uservoice.com/forums/905161-cloud-app-security

Best Regards,

Kyrie

18 people found this reply helpful

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Question Info

Last updated May 15, 2024 Views 4,423 Applies to:

Multiple Failed Login attempt alerts

Replies (1) 

Question Info

Replies (1)