Has anyone experienced daily summary reports showing clients generating an abnormally large amount of Office 365 traffic? For example, the daily summary report and corresponding dashboard shows that I had a client send 271.87GB and receive 5.35GB yesterday.
We've been seeing this issue for a few months, but it rarely shows up from the same client. Our team investigates every machine for the usual IoC's or any other anomalies, but we've been unable to find workstation related reason for this spike. The one common factor is that the traffic spike starts after-hours and ends shortly before start of day. We've seen this issue internally as well as with customer networks.
From our analysis of the workstations (both internal and customer), we've been unable to find a reason for this spike and are beginning to think it's a false reading.