Hi @Nikolay Evdokimov
Yes, we could check the IIS logs, How to find IP address from which client accessing mailbox using outlook / Owa / mobile device
And this article will be helpful if you are not familiar with How to Read & Customize IIS Log Files
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
In addition, if the Exchange services are published via SNAT through a load balancer like KEMP, F5 etc, the IIS logs cannot get the real source IP. In this scenario, we will neef to Enable Advanced Logging on all Exchange 2016 Servers. Detailed steps can be seen here: Exchange: Get the real source IPs in the IIS hit logs for servers
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.