Any way to futher prevent known malicious IPs from attempting to hack into accounts?

Question

Several accounts are being attacked from known malicious IPs from China and other locations. M365 is blocking them (hopefully will continue to do so), but looking to see if there is anything more to do on that front. Users are MFA and I have Conditional Access blocking non-USA locations. But this attack is coming from thousands of different IPs. Do we just weather the storm and hope they don't get lucky with a US-based attack?

Answer 1

Hi @Brad Burks

Thank you for posting your query on Q&A.

For your query, I understand your concern about known malicious IPs attempting to hack into your accounts and the Microsoft 365 is already blocking these IPs and you looking to implement other steps to improve security even more.

You're already taking some good security measures by using MFA and applying Conditional Access to block non-USA locations also as an additional step to Conditional Access, configure Geo-IP filtering, either on your firewall or through a cloud service, to automatically block traffic originating from geographical areas that are not pertinent to your business operations.

You can configure to Block a range of IP addresses. To allow the access configure the trusted IP addresses.

The other side I suggest you to continuously monitor security logs and alerts to quickly detect and respond to suspicious activities.

Educate your users about phishing and other social engineering attacks and encourage them not to click on suspicious links or download unverified attachments.

I hope this information helps! please Feel free to ask any questions you may have.

Thanks,
Akhilesh.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.