Hello @mara2021!
Based on the documentation, this event is a Security Audit event.
The Status:
Failure Information\Status or Failure Information\Sub Status | 0XC000006D – "This is either due to a bad username or authentication information" for critical accounts or service accounts. Especially watch for a number of such events in a row |
---|---|
shows that it has to do with Service Accounts. Also, we have NULL on the SID, probably a process.
Also the Logon Type 3:
2 | Interactive | A user logged on to this computer. |
3 | Network | A user or computer logged on to this computer from the network. |
is showing remote attempts.
Are you restricting public IP access only to Azure / Office 365 URLs? I suppose your mail flow is from 365, so there is no need for public exposure other than Hybrid.
It could be malicious attempts.
Install all the latest hotfixes and updates.
Are there any devices or apps left using SMTP? Maybe still trying to access the Exchange Servers?
Kindly check these and come back with your feedback!
I hope this helps!
Kindly mark the answer as Accepted and Upvote in case it helped!
Regards
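
To act on the "number of such events in a row" advice and see which devices are sending the failed logons, here is an added example that is not part of the answer above. It assumes the event is Security log ID 4625; the function names, the threshold, the window and the sample records are constructed for illustration.

```powershell
# Added example. Assumption: the event discussed is Security log ID 4625.
function ConvertFrom-FailedLogon {
    # Flatten the <EventData> of one event record into a simple object.
    param([Parameter(ValueFromPipeline)] $LogRecord)
    process {
        $d = @{}
        foreach ($n in ([xml]$LogRecord.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Time      = $LogRecord.TimeCreated
            Account   = $d['TargetUserName']
            Source    = $d['IpAddress']
            LogonType = $d['LogonType']
            Status    = $d['Status']
        }
    }
}

function Find-FailedLogonBurst {
    # Report source/account pairs with at least $Threshold network-logon
    # failures (status 0xC000006D) inside any $WindowMinutes span.
    param([object[]]$Records, [int]$Threshold = 5, [int]$WindowMinutes = 10)
    $Records |
        Where-Object { $_.Status -eq '0xC000006D' -and $_.LogonType -eq '3' } |
        Group-Object Source, Account |
        ForEach-Object {
            $times = @($_.Group | Sort-Object Time | ForEach-Object { $_.Time })
            $best = 0
            for ($i = 0; $i -lt $times.Count; $i++) {
                $j = $i   # count events from $times[$i] up to the window end
                while ($j -lt $times.Count -and
                       ($times[$j] - $times[$i]).TotalMinutes -le $WindowMinutes) { $j++ }
                $best = [Math]::Max($best, $j - $i)
            }
            if ($best -ge $Threshold) {
                [pscustomobject]@{ Source = $_.Group[0].Source; Account = $_.Group[0].Account
                                   Total = $_.Count; MaxInWindow = $best }
            }
        }
}

# Constructed sample: six failures in a row from one source, one stray failure.
$t0 = Get-Date '2024-01-01T08:00:00'
$sample = 0..5 | ForEach-Object { [pscustomobject]@{ Time = $t0.AddSeconds(30 * $_)
    Account = 'svc-scan'; Source = '192.0.2.10'; LogonType = '3'; Status = '0xc000006d' } }
$sample += [pscustomobject]@{ Time = $t0; Account = 'alice'; Source = '192.0.2.20'
    LogonType = '3'; Status = '0xc000006d' }
Find-FailedLogonBurst -Records $sample

# Against the live log on the server (elevated session):
# Find-FailedLogonBurst -Records (Get-WinEvent -FilterHashtable @{ LogName = 'Security'
#     Id = 4625; StartTime = (Get-Date).AddDays(-1) } | ConvertFrom-FailedLogon)
```

A single internal source with a steady count usually points to a leftover device or app with stale credentials; many external sources point to exposure that should be restricted.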