08-04-2020 10:56 AM
I'm trying to see if there's a way for me to identify if a user's mailbox has been access from a different geolocation and create an alert for it so as to identify if the mailbox is being accessed by a fraud.
08-04-2020 11:40 AM
@Jorel_ReachOutIT
Hi Jorel,
Assuming that you have a Microsoft365 subscription, you can use Azure AD Identity Protection
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protec...
If its with an on premises environment, you will use a VPN solution, then you should check the documentation if you can create alerts.
regards
Guido
08-05-2020 12:10 AM
You cannot do this with the "basic" alerting functionality we have in the SCC, but should be possible if you have MCAS licenses. You will have to define all the "internal" or "known" locations for this to work though.