Using Outlook Mobile? If so that is expected
Exchange 2016 remote logins from Microsoft IP!?
Hello! After starting to monitor the Windows Event Logs of our Exchange 2016 Server (hosted on prem), I see successful logins from Microsoft IP, using the server admin account and impersonating personal accounts (that's how I understand the below screenshot): ![72348-exchange-log.png][1] [1]: /api/attachments/72348-exchange-log.png?platform=QnA I see these kind of logins only for two local users from three different Microsoft IPs: 52.97.242.29, 52.97.242.85 and 52.97.243.125. Have we've been hacked or what Microsoft service gains access to our Exchange Server remotely and why? Since one of the local user is my own, I changed my AD password and I got immediately a failed login attempt from one of the Microsoft IPs. Any help is highly appreciated! Cheers, Ben