Exchange 2016 remote logins from Microsoft IP!?

Ben 41 Reputation points
2021-02-26T10:14:12.913+00:00

Hello!

After starting to monitor the Windows Event Logs of our Exchange 2016 Server (hosted on prem), I see successful logins from Microsoft IPs, using the server admin account and impersonating personal accounts (that's how I understand the below screenshot):

![72348-exchange-log.png][1]

[1]: /api/attachments/72348-exchange-log.png?platform=QnA

I see these kinds of logins only for two local users from three different Microsoft IPs: 52.97.242.29, 52.97.242.85 and 52.97.243.125.

Have we been hacked, or what Microsoft service gains access to our Exchange Server remotely, and why?

Since one of the local users is my own, I changed my AD password and I immediately got a failed login attempt from one of the Microsoft IPs.

Any help is highly appreciated!

Cheers,
Ben

Exchange Server Management

Accepted answer
  1. Andy David - MVP 143.8K Reputation points MVP
    2021-02-26T12:48:32.217+00:00
