Forum Discussion
Azure Active Directory Identity Identity protection alerts suppression
We have sentinel ingesting incidents from Identity protection Risky users, sign-ins and detections from Azure portal > Azure Active Directory > Security. However, Sentinel is getting inundates with a...
BcyberS You could look at Automation Rules and Logic Apps to auto-close known benign signals or scenarios where the user self remediates the risk event. You could use Automation Rules to auto-close Atypical travel. You can use Logic Apps to review the AAD IP alerts and auto-close scenarios where the user self-remediated the risk through MFA or SSPR.