Forum Discussion
False Positive Risky users Alerts detected with Zoom IP prefixes
Hi Guys, Good day. I have been observing a few false-positive Risky SignIn alerts involving a few of my company users and all these detections come up with a new IP (3.x.x.x) from the Zoom pool of a...
I had this issue with a customer.
I was also told to add them to the trusted locations, but I didn't want to do that either.
You have to train the Identity Protection model. Each time an alert comes in, mark the sign-in as safe (https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-risk-feedback#how-should-i-give-risk-feedback-and-what-happens-under-the-hood). You will see that the model doesn't learn fast. In my case, I had to do this for at least a month, but after a while these alerts will disappear.
I was also told to add them to the trusted locations, but I didn't want to do that either.
You have to train the Identity Protection model. Each time an alert comes in, mark the sign-in as safe (https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-risk-feedback#how-should-i-give-risk-feedback-and-what-happens-under-the-hood). You will see that the model doesn't learn fast. In my case, I had to do this for at least a month, but after a while these alerts will disappear.