"suspicious" sign-ins to ACOM Azure Website

ChrisPo 布錦聲 161 Reputation points
2023-06-12T03:56:06.09+00:00

These "suspicious" sign-ins to ACOM Azure Website were being generated by our users from different countries. However, I didn't find such an application from Enterprise Application. Thus, How to prevent such suspicious sign-in?

Microsoft Security | Microsoft Entra | Microsoft Entra ID
{count} votes

1 answer

Sort by: Most helpful
  1. Givary-MSFT 35,626 Reputation points Microsoft Employee Moderator
    2023-06-12T08:49:27.5833333+00:00

    @ChrisPo 布錦聲 Thank you for reaching out to us, ACOM application is a first party Microsoft application. Would request you to refer to this article - https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/verify-first-party-apps-sign-in on how to verify a first-party Microsoft service principal in your Azure AD tenant.

    Once you review the sign in logs and find it suspicious, would recommend resetting the user password/set up conditional access policies which apps needs to be accessed based on the ip location/device/application/real time and calculated risk detection - https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/overview

    Let me know if you have any further questions, feel free to post back.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.