Forum Discussion
impossible travel exclude one user best practice
We want to exclude one user from impossible travel and are wanting to know the best way to do this, the recommended way so we do not go down the wrong path. I was thinking make a group with all user...
Hi Kasey170,
As per the following article you can exclude users on the detection policy.
https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy
Select Exclude to specify users for whom this policy won't apply. Any user selected here won't be considered a threat and won't generate an alert, even if they're members of groups selected under Include.
Hope that helps and answers your question!
Best, Chris
As per the following article you can exclude users on the detection policy.
https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy
Select Exclude to specify users for whom this policy won't apply. Any user selected here won't be considered a threat and won't generate an alert, even if they're members of groups selected under Include.
Hope that helps and answers your question!
Best, Chris
I believe the author is referring to the Azure AD Risk events, not necessarily the CAS rules. Although the information presented should be the same, the options we have to configure those differ.
Hi VasilMichev
Sure! It is here if they are referring to excluding users from the Azure AD Risk Events policy -
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-user-risk-policy
Thanks for pointing this out.
Best, Chris
