Forum Discussion
CAS Impossible Travel Alerts
I would like to ask you some suggestion on: How do you handle Impossible Travels Alerts ? How do you verify alert by alert if is a false positive or if actually is something that you should worry ...
Question: once the impossible travel alert has been verified as positive, what action if any should then be taken? For example, should a request then be made for the user to chance their password?
I would say a password change is mandatory at that point in time. As mentioned above, terminating any active sessions would also be recommended. For the folks that happen to be running Azure AD Identity Protection, you could automate some of this using the User and Sign-In Risk policies, which will take the whole risk into account and is mostly automated.