Forum Discussion
kasey170
Jan 11, 2019Copper Contributor
impossible travel exclude one user best practice
We want to exclude one user from impossible travel and are wanting to know the best way to do this, the recommended way so we do not go down the wrong path.
I was thinking make a group with all users, but then we would have to constantly keep updating that group, is there a rule that can be made to exclude just one person from it and enable it on the whole account?
- Hi Kasey170,
As per the following article you can exclude users on the detection policy.
https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy
Select Exclude to specify users for whom this policy won't apply. Any user selected here won't be considered a threat and won't generate an alert, even if they're members of groups selected under Include.
Hope that helps and answers your question!
Best, ChrisI believe the author is referring to the Azure AD Risk events, not necessarily the CAS rules. Although the information presented should be the same, the options we have to configure those differ.
Hi VasilMichev
Sure! It is here if they are referring to excluding users from the Azure AD Risk Events policy -
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-user-risk-policy
Thanks for pointing this out.
Best, Chris