Hello @NicholasHandelsmann-7401 ,
Thank you for reaching out Microsoft Q&A.
I Understand that in the audit logs you have noticed InitiatedBy.user.ipAddress is listed as 255.255.255.255
IP address with an action named "User registered Outlook mobile with Code".
According to the IP Address, there is a special definition which exists for the IP address 255.255.255.255. It is the broadcast address of the zero network or 0.0.0.0, which in Internet Protocol standards stands for this network, i.e. the local network. Transmission to this address is limited by definition, in that it is never forwarded by the routers connecting the local network to other networks. It is a reserved IP address and cannot be assigned to any single device on a network.
The action named "User registered Outlook mobile with Code" indicates that the user has successfully Registered for Microsoft authenticator app for the Outlook mobile application and the audit log shows 255.255.255.255 in the IP address section.
In this scenario, the user may have initiated the action from a device or network that does not have a unique IP address, such as a public Wi-Fi hotspot or a mobile network so that's why it is not triggering the actual IP address of the device in the audit logs.
Hope this helps!
Feel free to ask for additional queries : )
Regards,
Goutam Pratti.