Final answer:
Azure Active Directory Identity Protection is the Microsoft 365 feature that can alert you to suspicious sign-in activities, using machine learning to detect irregular patterns such as login from unfamiliar locations or at atypical times.
Step-by-step explanation:
If you notice suspicious activity during sign-in from a number of user accounts, such as signing in at unusual times and from unexpected locations, the tool or feature in Microsoft 365 designed to alert you to such activity is Azure Active Directory Identity Protection. This feature uses machine learning to detect irregular sign-in activities and can provide risk-based conditional access to your applications. Its capabilities include the detection of sign-ins from unfamiliar locations or atypical times, sign-ins from infected devices, and other indicators of potentially compromised identities.
Office 365 Cloud App Security is more focused on monitoring and controlling data travel across your Office 365 applications, identifying high-risk usage, and more. While Azure Information Protection helps in classifying, labeling, and protecting documents and emails, it does not directly deal with sign-in anomalies. Advanced Threat Analytics (ATA) is an on-premises platform that helps protect your enterprise from multiple types of advanced targeted cyber attacks and insider threats but is not specifically tailored to the detection of unusual sign-ins.