I have a customer with multiple users on Android phones using the Outlook app, and have started noticing these weird grommunio-sync fail2ban notices. It appears the Outlook app might have some Azure profile cloning built in, as the app updates the folders successfully from the mobile IP, but you then get these fail2ban messages with each user attempting connections from a Microsoft IP address as well. So far overnight I have had 24 notices of these types of attempts. Anyone seeing these?
Lines containing failures of 40.104.59.149 (max 1000)
08/08/2025 07:00:11 [19694] [ INFO] [#s**@d.com] cmd='Ping' memory='2.24 MiB/6.00 MiB' time='0.01s' devType='Outlook' devId='2da41f0e5c264413b01b2cc95e1eabf6' getUser='s@d.com' from='40.104.59.149' idle='0s' version='2.2.2.91fc33a' method='POST' httpcode='401'
08/08/2025 07:00:13 [22071] [ INFO] [s@d.com] cmd='Ping' memory='5.97 MiB/8.00 MiB' time='183.64s' devType='Outlook' devId='2da41f0e5c264413b01b2cc95e1eabf6' getUser='s@d**.com' from='40.104.59.149' idle='181s' version='2.2.2.91fc33a' method='POST' httpcode='200'
NetRange: 40.74.0.0 - 40.125.127.255
CIDR: 40.76.0.0/14, 40.124.0.0/16, 40.120.0.0/14, 40.125.0.0/17, 40.96.0.0/12, 40.80.0.0/12, 40.74.0.0/15, 40.112.0.0/13
NetName: MSFT
NetHandle: NET-40-74-0-0-1
Parent: NET40 (NET-40-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Microsoft Corporation (MSFT)
RegDate: 2015-02-23
Updated: 2021-12-14
Ref: https://rdap.arin.net/registry/ip/40.74.0.0
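
An added triage example, not part of the original post and not grommunio or fail2ban code: it parses the key='value' fields in the format of the log lines above, checks each source address against the CIDR blocks from the quoted ARIN record, and reports per device ID and source address how many 401 and 200 responses were seen. The sample lines are abbreviated and constructed; the third line and the address 203.0.113.7 are invented for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# CIDR blocks copied from the ARIN record quoted in the post (NetName MSFT).
MSFT_NETS = [ipaddress.ip_network(c) for c in (
    "40.76.0.0/14", "40.124.0.0/16", "40.120.0.0/14", "40.125.0.0/17",
    "40.96.0.0/12", "40.80.0.0/12", "40.74.0.0/15", "40.112.0.0/13")]

# key='value' pairs as they appear in the grommunio-sync lines shown in the post.
KV = re.compile(r"(\w+)='([^']*)'")

# Constructed sample: abbreviated forms of the two Ping lines from the post plus
# one invented mobile-side line (203.0.113.7 is a documentation address).
SAMPLE = """\
08/08/2025 07:00:11 [19694] [ INFO] [user] cmd='Ping' devType='Outlook' devId='2da41f0e5c264413b01b2cc95e1eabf6' from='40.104.59.149' httpcode='401'
08/08/2025 07:00:13 [22071] [ INFO] [user] cmd='Ping' devType='Outlook' devId='2da41f0e5c264413b01b2cc95e1eabf6' from='40.104.59.149' httpcode='200'
08/08/2025 07:01:02 [22080] [ INFO] [user] cmd='Sync' devType='Outlook' devId='2da41f0e5c264413b01b2cc95e1eabf6' from='203.0.113.7' httpcode='200'
"""

def in_msft(ip):
    """True if ip falls inside one of the CIDR blocks from the ARIN record."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in MSFT_NETS)

def triage(log_text):
    """Group requests by (devId, source IP) and count 401 vs 200 responses."""
    stats = defaultdict(lambda: {"401": 0, "200": 0})
    for line in log_text.splitlines():
        f = dict(KV.findall(line))
        if "devId" not in f or f.get("httpcode") not in ("401", "200"):
            continue
        stats[(f["devId"], f["from"])][f["httpcode"]] += 1
    report = []
    for (dev, ip), c in sorted(stats.items()):
        # Has the same device ID authenticated successfully from another address?
        elsewhere = any(d == dev and i != ip and s["200"]
                        for (d, i), s in stats.items())
        report.append({"devId": dev, "from": ip, "msft_range": in_msft(ip),
                       "fail": c["401"], "ok": c["200"],
                       "ok_from_other_ip": elsewhere})
    return report

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

A row with `msft_range` true, a nonzero `fail` count and `ok_from_other_ip` true matches the pattern described in the post: the same device ID succeeding from one address while 401s arrive from an address in the listed Microsoft blocks.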