How do you check which location you are logged into Microsoft 365 yourself?

We often use the same password for different applications. It is really hard to remember all the passwords. We recycle old passwords that we did use in the past and incorporate a number into them to make it easier to remember.

Here and there, passwords are leaked when large databases are cracked. Sometimes this has a tragic consequence for an individual or for an organization. because in such a hack, your password ends up in thousands of places on the Internet. Sometimes password lists are sold. Or published publicly. Buyers will run with these lists and imprint all these passwords (so to speak) on all the Office 365 tenants. Microsoft recently published that 50 in 10,000 Office 365 accounts are already working hacked. That's quite a lot.

So if you don't have an MFA (a 2nd factor like your fingerprint) there is a greater chance of being hacked. Because you are never sure if someone already knows your password. And your password doesn't have to be so complex anymore so you can remember it too. Win-win right?

Follow this blog to find out where you've logged in recently. Never logged into these locations? Change your password and activate Multi-factor authentication.

Login to the Office 365 portal

• Login to: mysignins.microsoft.com
• This is a page Microsoft created for anyone within a Office 365 organization.

Check which location you are logged into Microsoft 365 yourself

• In this overview you can see the places where you have logged in before. Is there a place between them where you have not been? Then be sure to change your password.

My Microsoft Workaccount

In addition to mysignins.microsoft.com, you also have myworkaccount.microsoft.com

• here you can also get other insights such as the devices you have.
• The organizations your account is in - including external organizations
• Change your password
• Privacy settings - privacy statements
• Your office 365 Applications - to install it yourself at your home.
• Subscriptions - here you can find exactly what licenses you have.

Users can report 'This wasn't me' on unwanted login attempt

Recently, it has become possible to detect unusual activity and indicate or teach Microsoft that the attempts made are wrong. Identity protection is an option you can find within Microsoft 365 and gives the ability to increase security.

Getting started with MySign-Ins?

Browse To: https://mysignins.microsoft.com

Is there a place or a moment in time between when you were not online ?

Change your password if necessary!

In this case there is no harm done. Should you see any other message besides your login attempt there is most likely malicious intent involved. Change your password ASAP!

Summary

• It is quite modern that some "controls" come to the users. They are the most important people in an organization. And need control over their account. Or insights that are hard to control by support services. Like the IT Department.
  
• The most logical solution is always MFA activation. You can do this yourself as a user without being enforced by your organization.
  
• A 2nd solution is that a policy can be created so that everyone is more secure in your organization. This can be done with SecurityDefaults. This also brings other implications.
  
• A 3rd solution is to deploy Cloud App-Security . This security solution within Microsoft 365 E3 and E5 gives the ability to provide risk visibility and automatic reporting to specific individuals. For example, when someone in another country consults or downloads documents on an unknown device.
  
• It is also possible to monitorand report risky sign-ins. This is the most widely used monitor because you can clearly see suspicions and risks in an overview.