Office 365 activities from IP listed in the ThreatIntelligenceIndicator table
This alert indicates that one or more Office 365 activities, such as mailbox logins, SharePoint file access and others, were performed from IP addresses listed in the ThreatIntelligenceIndicator table.
MITRE ATT&CK Tactics
The reported malicious IP address may be a false positive, depending on the Threat Intelligence feed.
1. Review the affected O365 email accounts
2. Manually validate the malicious IP address against various threat intelligence feeds
3. Change account password
4. Perform an investigation in Azure Sentinel based on the account name entity to understand whether any other alerts were triggered by the same account name in your environment.
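
To support steps 1 and 2, the following query lists which accounts and operations matched an active indicator. It is an added example, not the alert rule's own query. It assumes the Office 365 events are in the standard Sentinel `OfficeActivity` table, and the lookback windows are assumptions to tune.

```kusto
// Added example. Lookback windows are assumptions; tune to your feed and retention.
let ioc_lookback = 14d;
let activity_lookback = 1d;
ThreatIntelligenceIndicator
| where TimeGenerated >= ago(ioc_lookback)
// Keep only the latest version of each indicator, then drop inactive or expired ones.
| summarize arg_max(TimeGenerated, *) by IndicatorId
| where Active == true and ExpirationDateTime > now()
// An indicator may carry its IP in any of these columns; take the first non-empty one.
| extend TI_IP = coalesce(NetworkIP, NetworkSourceIP, NetworkDestinationIP, EmailSourceIpAddress)
| where isnotempty(TI_IP)
| join kind=innerunique (
    OfficeActivity
    | where TimeGenerated >= ago(activity_lookback)
    | where isnotempty(ClientIP)
    // ClientIP can be logged as "a.b.c.d:port" or "[v6]:port"; strip port and brackets
    // so the value compares cleanly with the indicator.
    | extend ActivityIP = case(
        ClientIP matches regex @"^\d{1,3}(\.\d{1,3}){3}:\d+$", tostring(split(ClientIP, ":")[0]),
        ClientIP startswith "[", extract(@"^\[([^\]]+)\]", 1, ClientIP),
        ClientIP)
    | project ActivityTime = TimeGenerated, UserId, Operation, OfficeWorkload, ActivityIP
  ) on $left.TI_IP == $right.ActivityIP
// One row per account and indicator, with enough context to judge a false positive.
| summarize Events = count(),
            FirstSeen = min(ActivityTime),
            LastSeen = max(ActivityTime),
            Operations = make_set(Operation, 20),
            Workloads = make_set(OfficeWorkload)
        by UserId, TI_IP, Description, ConfidenceScore, ThreatType
| order by LastSeen desc
```

A low `ConfidenceScore` or a single matching operation on a shared address (for example a VPN or cloud egress IP) is a common sign of the false positive case noted above.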