After you enable free security hardening for an instance, configure common logon locations, IP addresses, times, and accounts. This enables Security Center's unusual logon detection feature to promptly identify remote logon attempts to your instance from unknown or malicious IP addresses.
Security risks
If logon credentials are leaked or an account is compromised, an attacker may use them to access your system, for example, through multiple failed logon attempts or logons from suspicious locations. Unusual logon behavior can also indicate internal threats, such as unauthorized access or permission abuse by employees. The unusual logon detection feature helps you discover and block unauthorized logon attempts and identify potential insider threats.
Best practices
After you enable free security hardening, Security Center can detect unusual logon behavior on your servers. You can configure common logon locations, IP addresses, times, and accounts to receive an alert for any logon attempt that does not match. Security Center supports manual and automatic updates to common logon locations and alerts you about any logon from a different location on your specified assets.
Console
-
Log on to the Security Center console.
-
In the left-side navigation pane, choose .
-
Click the Common Logon Management tab. Configure the common logon location, common logon IP address, common logon time, and common logon account. For more information, see common logon management.
API
Call the ModifyLoginBaseConfig API operation. Use the Type parameter to specify the type of unusual logon detection:
-
login_common_location: common logon location. -
login_common_ip: common logon IP address. -
login_common_time: common logon time. -
login_common_account: common logon account.