@Internexus Just to be clear - This is the SA you are getting?

https://docs.microsoft.com/en-us/advanced-threat-analytics/suspicious-activity-guide#sensitive-accou...


If yes, this is using deep packet inspection , not just a port check...

www.000webhost.com