I'm working on a simple benchmark script that requires information provided by https://outlook.office365.com/autodiscover/autodiscover.xml. I am using basic authentication with my outlook.com email credentials and it works fine when testing from my computer.
When I shared the script with my colleague (using the same credentials) he was getting a 403 Forbidden response for the request. After some trial and error, it seems like the script is working from multiple different networks inside my country but as soon as I run it from a different country, I get the 403 Forbidden. Since this is a benchmark script it is essential I use the same credentials.
I cannot get any information as to what might cause the issue, given that the script is always the same, I suspect this could be a security feature preventing a user to authenticate from different countries, but I was unable to find any documentation or even mention of it.
Does anyone have an idea what might be causing the 403?
I found the answer. When a request against
autodiscover.xmland other APIs is sent from a country/region that has no previous logins through the website, API requests are responded with403 Forbiddenand marked asUnusual activityin Activity log:After logging in to the account using the browser from that country/region API requests started to work in a few minutes. At this point, I don't know for how long the country/region will be whitelisted before I will have to redo a manual login.