OVERVIEW
Risky Login
The Risky Login alert is triggered when a login completes that Microsoft considers risky, meaning there is some doubt or suspicion that the login is fraudulent and may come from a malicious actor.

- Proactive notifications
- Find out earlier
- Protect user accounts
- Monitor logs
- Confirm legitimate access
Impact
Real World Impact
Problem Faced
Isabella frequently logs in from various locations as her work involves travelling. One of her logins has been flagged as risky by Microsoft, for reasons that might not be made apparent to us.
This may be a sign of a compromised account. In this situation we strongly urge a review of logins to ensure all are legitimate. If any of the logins are not legitimate, we suggest an immediate password reset and further incident investigation.
Solution
It is absolutely critical that any logins identified as risky are reviewed as a priority. If it is a fraudulent login, then immediate action is required – the longer it is left, the more damage can be caused. The more data that could be stolen, the more end-users, staff, and clients could be impacted. This is not a situation that you want to find out about weeks, months, or even years later.
Checking hundreds, thousands, or potentially tens of thousands of login attempts each day is a tedious and time-consuming process. The simple fact is that it is not reasonable to expect an administrator to check for risky logins on a daily basis. CatchBefore can undertake this check multiple times per day. The sooner the situation is discovered, the sooner you can take mitigation steps and reduce the potential for a larger impact.
Prevention
What are the main questions you should consider when working out how to manage this risk?
- Do you have a system or solution in place to detect risky logins?
- If there was a risky login from one of your users today, would you find out?
- How long do you think it would take to find out that one of your user accounts was subject to a risky login?
- Have you ever checked your system for risky logins?
- What would the impact be on your organisation if a user account was compromised for an extended period of time without detection?