Forum Discussion
UEBA - User contact information
- Feb 24, 2020
Hi, David Caddick
This is a good valuable, thanks for sharing. I just passed it around to the team in charge.
- David Caddick, Feb 25, 2020, Iron Contributor
Yoann_David_Mallet Gal Zilberstein the one other aspect that would be Awesome in MCAS is to get Azure MFA & Conditional Access coming thru - this would enable a much better Alert/Incident filter to balance against "impossible Travel" Alerts.
Thoughts:
User X successfully logs in from outside <home country>
IF CA fires & Azure MFA satisfied correctly --> mark as informational only
IF CA fires & Azure MFA not satisfied --> mark as High Alert + Email directly to Admins + enact Governance triggers to block/suspend User pending change of password & Azure MFA, etc...
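
The triage rule proposed in the post above, sketched as an added example (not part of the original thread and not MCAS functionality). The record fields, the home-country table and the action names are assumptions made for illustration; the case where CA does not fire is left unchanged because the post does not define it.

```python
from dataclasses import dataclass

@dataclass
class SignIn:
    # Simplified, hypothetical fields; not the MCAS or Azure AD log schema.
    user: str
    country: str
    password_ok: bool     # primary authentication succeeded
    ca_fired: bool        # a Conditional Access policy applied to this sign-in
    mfa_satisfied: bool   # the Azure MFA challenge was completed

# Hypothetical per-user home country lookup.
HOME_COUNTRY = {"userx@example.com": "AU", "usery@example.com": "FR"}

# Hypothetical names for the governance actions listed in the post.
HIGH_ACTIONS = ["email_admins", "suspend_user",
                "require_password_change", "require_mfa"]

SEVERITY_RANK = {"no_change": 0, "informational": 1, "high": 2}

def triage(signin, home_country=HOME_COUNTRY):
    """Return (severity, actions) for one sign-in, following the post's rules."""
    home = home_country.get(signin.user)
    # Only successful logins from outside the known home country are in scope.
    if home is None or signin.country == home or not signin.password_ok:
        return ("no_change", [])
    # The post gives no rule for sign-ins where CA did not fire.
    if not signin.ca_fired:
        return ("no_change", [])
    if signin.mfa_satisfied:
        return ("informational", [])
    return ("high", list(HIGH_ACTIONS))

def worst_per_user(signins):
    """Collapse a batch of sign-ins to the highest severity seen per user."""
    worst = {}
    for s in signins:
        severity, _ = triage(s)
        current = worst.get(s.user, "no_change")
        if SEVERITY_RANK[severity] >= SEVERITY_RANK[current]:
            worst[s.user] = severity
    return worst

# Constructed sample records.
SAMPLE = [
    SignIn("userx@example.com", "AU", True, False, False),  # at home
    SignIn("userx@example.com", "SG", True, True, True),    # abroad, MFA passed
    SignIn("usery@example.com", "BR", True, True, False),   # abroad, MFA not satisfied
    SignIn("usery@example.com", "BR", False, True, False),  # password rejected
]
```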