Barracuda XDR

Simulating Cloud Security Threats - Anomalous Login

Rule

Microsoft 365 Anomalous Login

Purpose

This detection identifies potentially compromised Office 365 accounts by flagging anomalous sign-ins. Each unique sign-in is compared with the user's usual sign-in characteristics over the last 90 days: source geo city rarity, geo country rarity, source IP rarity, user agent rarity, distance travelled from the user's usual login location, a high-confidence countries check, and a suspicious countries check. An ML model uses these characteristics to identify the anomaly.

Objective

Detect anomalous logins based on unusual activity patterns.

How to test

  • Use the test user account to simulate an anomalous login by:

    • Logging in from a rare geographic location (using a VPN).

    • Using an unusual IP address or rare user agent string (e.g., different browser or device).
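
The following added example (not Barracuda's code or model) sketches how the rarity and distance characteristics named under Purpose could be computed against a 90-day baseline, so a tester can see which ones a simulated login actually changes. The field names, the frequency-based rarity score, the "most frequent coordinates" definition of usual location, and all sample sign-ins are assumptions constructed for illustration; the two country checks are left out because the page does not list the countries.

```python
from collections import Counter
from datetime import datetime, timedelta
from math import radians, sin, cos, asin, sqrt

BASELINE_DAYS = 90  # look-back window stated in the rule's purpose

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def rarity(values, observed):
    """1.0 = never seen in the baseline, 0.0 = seen in every baseline sign-in."""
    return 1.0 - Counter(values)[observed] / len(values) if values else 1.0

def signin_features(history, event):
    """Compare one sign-in with the same user's prior 90 days of sign-ins."""
    start = event["time"] - timedelta(days=BASELINE_DAYS)
    base = [h for h in history
            if h["user"] == event["user"] and start <= h["time"] < event["time"]]
    feats = {f + "_rarity": rarity([h[f] for h in base], event[f])
             for f in ("city", "country", "ip", "user_agent")}
    if base:
        # Assumption: "usual location" = most frequent baseline coordinates.
        usual = Counter(h["geo"] for h in base).most_common(1)[0][0]
        feats["distance_km"] = haversine_km(usual, event["geo"])
    else:
        feats["distance_km"] = None  # no baseline to measure against
    return feats

# Constructed sample data: 30 daily sign-ins from one city, then one from elsewhere.
NOW = datetime(2024, 6, 1, 9, 0)
HISTORY = [{"user": "test.user@example.com", "time": NOW - timedelta(days=d),
            "city": "London", "country": "GB", "ip": "198.51.100.10",
            "user_agent": "Mozilla/5.0 (Windows NT 10.0) Edge",
            "geo": (51.5074, -0.1278)}
           for d in range(1, 31)]
USUAL = dict(HISTORY[0], time=NOW)
SIMULATED = dict(USUAL, city="Sydney", country="AU", ip="203.0.113.77",
                 user_agent="Mozilla/5.0 (X11; Linux x86_64) Firefox",
                 geo=(-33.8688, 151.2093))

if __name__ == "__main__":
    for name, ev in (("usual", USUAL), ("simulated", SIMULATED)):
        print(name, signin_features(HISTORY, ev))
```

A test account with no sign-ins inside the 90-day window has no baseline, so every rarity value is 1.0 and the distance is undefined.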