Hello, I found this thread searching for similar issues I have been having with multiple customers over 4 months.
The users continue to experience login loop issues and during packet monitor review on Sonicwall NSA devices, I found my GEO block was detecting MS login servers in a variety of other countries. I then applied the Microsoft URL lists to my Sonicwall allow lists and still same issues. Today while still troubleshooting issues I continued to notice user logins showing different states vs countries.
I have disabled GEO filtering as of today on 2 clients Sonicwalls to see if any change with logins to (Edge, OneDrive, etc). Some customers are Azure AD Connect with SSO and some are just regular SVR2016 domains with MS365 services. I have recently upgraded all clients from O365 to M3365 plans and enabled security and compliance features. I could say this started after those steps and after enabling identity protection. All my customers do have Sonicwall firewalls but not convinced that is the issue and never was until MS login servers started going to other countries. Another common issue with my M365 clients is all tied with Ingram Micro Cloud Referral. I was planning to review ISP DNS servers and maybe change them all to Google DNS. Any comments or thoughts on this ongoing related issues appreciated.
Thanks, Rob