@ChrisPo 布錦聲 Thank you for reaching out to us. The ACOM application is a first-party Microsoft application. I would request you to refer to this article - https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/verify-first-party-apps-sign-in - on how to verify a first-party Microsoft service principal in your Azure AD tenant.
Once you review the sign-in logs and find it suspicious, I would recommend resetting the user password / setting up Conditional Access policies for which apps need to be accessed based on the IP location/device/application/real-time and calculated risk detection - https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/overview
Let me know if you have any further questions; feel free to post back.