Forum Discussion
Azure Active Directory Identity Identity protection alerts suppression
We have sentinel ingesting incidents from Identity protection Risky users, sign-ins and detections from Azure portal > Azure Active Directory > Security. However, Sentinel is getting inundates with a...
I was wondering if anybody has a solution to this.
I get 40 to 50 high alerts a day for risky signins. All failed attempts using the wrong password. Even when the signin would succeed it would be block due to conditional access rules.
Anybody found a solution to reduces the number of alerts, maybe simply to one with many events? I can't seem to find any configuration option.
I get 40 to 50 high alerts a day for risky signins. All failed attempts using the wrong password. Even when the signin would succeed it would be block due to conditional access rules.
Anybody found a solution to reduces the number of alerts, maybe simply to one with many events? I can't seem to find any configuration option.