Forum Discussion
Cloud App Security IP block in Conjunction with Azure AD Conditional Access Policy
Jim Hill
Can you elaborate on the alerts you are seeing in Cloud App Security? Is it one of the anomaly detection alerts such as 'Risky Sign in', 'Activity from anonymous IP address', or 'Multiple failed login attempts'? Or is this an access policy you have in place in MCAS that corresponds to your Azure AD Conditional Access Policy?
Anisha Gupta, I think I see what was happening. I had only a subset of users to which the conditional access policy "block login from risky IP's" applied. Once I expanded that rule, I see by using the What If tool that the login attempt was blocked. Regardless, my users know to reject and report any incident during which they see an MFA authentication request on their smartphone apps, since that would mean that the login passed the password authentication portion. We also have branding all over our sign-in page, so hopefully between that, the various rules, and Bitdefender we hope to minimize breaches. Thanks for looking at this.