Forum Discussion
Impossible travel alerts on failed logins
We are having the same issue. The Alert is not useful at all because 99% of the time it is a failed login. So after a while you start to ignore what could be a very useful and important alert.
Any help Microsoft guru type people?
Paul
Are we asking this question in the wrong place? This question has been sitting here since May with no response other than others having a different issue. Meanwhile I am still getting a bunch of impossible travel alerts from failed logins that aren't helpful because they are masking the real events that I should be paying attention to.
I have it set to text me when I get one of these alerts which is wonderful when I know that it is actually a successful login but I now just ignore these texts because there is so much to sift through.
Can we get any help here? Surely there is a way to change these options.
Thanks,
Paul
Hey Paul,
I should have updated on this but that got overlooked. I am now wondering if the solution is licensing related, and the inaction by MS is intentional to annoy users into paying for a higher tier. Over the summer we went from A3 to A5 licensing (Not sure what those are in non-educational plans) and one thing I found is that I suddenly *do* have the ability to tune the policy triggering the alert. Under advanced configuration there's "Analyze sign-in activities" and it can be set to only successful sign-ins, which has eliminated the problem for me.
the only change in my environment between me not having the option and having it is the licensing. If that's the case it's highly frustrating that they put such a basic thing behind a paywall that can add six figures to your licensing *and* a MS employee responded to this thread and just couldn't clarify that and has left everyone scrambling for over a year.- I am just wondering here why this is an option - why should I track the non-legacy failed sign ins? Is it a higher risk if there is a non-legacy failed sign in compared to a legacy failed sign-in?
