Does it trace down original location of the person even if VPN is used?
The reason for asking is I was using VPN to access corporate sharepoint from another country (as non-uk countries you cant access it), all was working fine until suddenly orginal location of the country appeared and access got blocked to all office365 apps.
The incident was called “IMPOSSIBLE TRAVEL” insofar I remember, after 45 days of using VPN.
So VPN is complete fail against cloud defender? Or did my VPN setup fail or something?
Impossible travel normally means you are in one country then couple of minutes later in another with no way to travel that distance in that time. Your VPN probably disconnected at some point.
So first… “actual location” is not accurate in any aspect. Simple the public IP where you’re connecting from. Be it your home internet, or your vpn providers exit node.
But yes, what you’re seeing is that at some point, your vpn either quit or wasn’t enabled when you were connecting, so defender saw 2 connections, close in time, but far apart in location and flagged it as such.
However it isn’t default policy to block this, your admin will have enabled the block policy.
If you use VPN 24/7, and/or you have a kill switch which stops all traffic if the VPN fails, then Microsoft will only ever see your VPNs exit node.
One other thing to mention, is that Microsoft intelligence is quite good, and can often identify if an IP is linked to a VPN provider. So your admin could build a policy at some point which blocks unapproved VPN usage.
Thanks for giving insider info. Didn’t know much, you have enlightened me.
Thats true, I get VPN endpoint detection and can’t access the sharepoint. But this VPN, it bypassed that.
Don’t know even how the leak occurred. The kill switch was working fine, and i tested it just now.
There has been a lot of noise over the last few weeks about iOS… I’m not sure on what OS you’re using but it might be related?
When you use a vpn… your OS (in theory) should cut any active sessions and reconnect via the VPN. Turns out that iOS continues any active session outside of the vpn… not cutting like it should do!?
Not sure if it related… but worth noting!
And also… don’t do yourself down!! You know more than most… and every day is a school day! 
I don’t know shit…! Lol… but have a lot of war wounds 
Win 10. Thanks, going to talk with manager soon. Wish me luck lol
