Microsoft is providing Azure AD Sign-In History for unusual activity

The official Microsoft blog introduces the latest features of Azure AD Sign-In, which allows users to quickly view all recent logins and unusual behavior. The successful login and failed login behaviors are categorized in the listed login behavior, while the failed login behavior provides detailed records to prevent potential attacking. There have been many cases of corporate users using weak passwords to be blasted. Microsoft hopes to improve the computer security of enterprise users through this improvement.

Users can log in to the account control area to view recent login behaviors. Microsoft provides a separate login log panel for all enterprise users to view all login behaviors. The following information is provided on the login page: someone trying to blast the password, whether the attacker logged into the account from a strange location, which applications the attacker is trying to access, and so on. At the same time, Microsoft also provides summary information about successful logins and failed logins. Users can quickly browse the detailed data of all recent successful logins and failed logins. Microsoft will record the operating system, browser, approximate location, IP address, and applications used by the attacker.

If the user finds that their account has been logged in by an unauthorized user, they can check the security advice provided by Microsoft to improve the overall security of the account. For example, the user needs to change the password immediately to prevent unauthorized users from logging in again, reconfigure security settings, enable multi-factor authentication login in account settings, and the like. Microsoft said that the statistics show that the probability of account theft is reduced by 99.9% after multi-factor authentication is enabled, and few attackers can successfully log in to multi-factor authentication accounts.