Exchange 2016 remote logins from Microsoft IP!?

Ben 41 Reputation points

Hello! After starting to monitor the Windows Event Logs of our Exchange 2016 Server (hosted on prem), I see successful logins from Microsoft IP, using the server admin account and impersonating personal accounts (that's how I understand the below screenshot): ![72348-exchange-log.png][1] [1]: /api/attachments/72348-exchange-log.png?platform=QnA I see these kind of logins only for two local users from three different Microsoft IPs:, and Have we've been hacked or what Microsoft service gains access to our Exchange Server remotely and why? Since one of the local user is my own, I changed my AD password and I got immediately a failed login attempt from one of the Microsoft IPs. Any help is highly appreciated! Cheers, Ben

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,440 questions
0 comments No comments
{count} votes

Accepted answer
  1. Andy David - MVP 143.8K Reputation points MVP

0 additional answers

Sort by: Most helpful