ozh123
Nov 21, 2021 (Copper Contributor)
Editing 'Risky sign-in' policy in Microsoft Defender for Cloud Apps
Hi guys, I wonder if I can edit the 'Risky sign-in' policy in Microsoft Defender for Cloud Apps. It looks like I can only edit the 'Trigger alerts with a minimum severity of'. I am trying to exclude...
marka01
Nov 22, 2021 (Copper Contributor)
ozh123,
Risky sign-in detections are ingested from Azure Identity Protection to MCAS (the reason you cannot add exclusions on this particular MCAS policy).
In this case, create a new trusted IP range in the Azure IdP blade: https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/NamedLocationsBlade
Also, one more option to remove this IP from showing up in false positive alerts: whitelist it and tag it as VPN from MCAS.
Type in the IP and whatever tag name for your reference.
I do not like this too much due to descriptive inaccuracy, since those IPs I want to whitelist are not my company's VPNs, but it seems to help in many cases so they do not show up in alerts anymore.