Educause Security Discussion mailing list archives
O365 logs from other Tenants
From: "King, Ronald A." <raking () NSU EDU>
Date: Wed, 18 Aug 2021 15:56:00 +0000
Good morning everyone! We have had two instances where a faculty member has left our employment and had their account disabled. Our SIEM will then alert that the "disabled" account, but with a different .edu domain, has logged into O365. I am guessing the SIEM's O365 API is picking up a log from the other (.edu) tenant. I see the log in the SIEM but not O365. Has anyone seen anything like this before? Thank you, Ronald King Director of OIT Security With Office 365, you can report a message as phishing or junk. Using Outlook in a web browser or the mobile Outlook app, start by clicking/tapping "Junk/Report Junk!" Office of Information Technology (757) 823-2916 (Office) raking () nsu edu<mailto:raking () nsu edu> www.nsu.edu<http://www.nsu.edu/> @NSUCISO (Twitter) [NSU_logo_horiz_tag_4c - Smaller] ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- O365 logs from other Tenants King, Ronald A. (Aug 18)