Change Event Risk Level Azure AD Identity Protection

%3CLINGO-SUB%20id%3D%22lingo-sub-45426%22%20slang%3D%22en-US%22%3EChange%20Event%20Risk%20Level%20Azure%20AD%20Identity%20Protection%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-45426%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20there%20a%20way%20to%20change%20the%20Risk%20Level%20for%20%22Impossible%20travel%20to%20atypical%20location%22%20from%20medium%20to%20high%3F%20In%2099%25%20of%20our%20cases%20this%20is%20a%20very%20bad%20occurance%20and%20needs%20immediate%20attention.%20I%20at%20least%20need%20to%20way%20to%20alert%20on%20this%20event.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-45426%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-45558%22%20slang%3D%22en-US%22%3ERe%3A%20Change%20Event%20Risk%20Level%20Azure%20AD%20Identity%20Protection%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-45558%22%20slang%3D%22en-US%22%3E%3CP%3EOther%20than%20that%2C%20you%20can%20use%20ASM%2FCloud%20app%20security%20to%20generate%20notifications%20(or%20perform%20other%20actions)%20upon%20detecting%20such%20events.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-45473%22%20slang%3D%22en-US%22%3ERe%3A%20Change%20Event%20Risk%20Level%20Azure%20AD%20Identity%20Protection%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-45473%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20it%20alerting%20on%20medium%20events%20but%20there%20are%20so%20many%20of%20them%20with%20a%20mobile%20workforce%20that%20at%20times%20it%20is%20overwhelming.%20To%20me%20there%20login%20from%20unusal%20location%20is%20a%20lower%20severity%20than%20the%20login%20from%20locations%20with%20impossible%20travel.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-45458%22%20slang%3D%22en-US%22%3ERe%3A%20Change%20Event%20Risk%20Level%20Azure%20AD%20Identity%20Protection%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-45458%22%20slang%3D%22en-US%22%3E%3CP%3EWell%20you%20can%20configure%20an%20action%20other%20than%20just%20sending%20a%20notification%20email.%20Or%20you%20can%20simply%20change%20the%20Alerts%20level%20to%20fire%20up%20notification%20email%20even%20on%20Medium%20risk%20events.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

Is there a way to change the Risk Level for "Impossible travel to atypical location" from medium to high? In 99% of our cases this is a very bad occurance and needs immediate attention. I at least need to way to alert on this event.

3 Replies
Highlighted

Well you can configure an action other than just sending a notification email. Or you can simply change the Alerts level to fire up notification email even on Medium risk events.

Highlighted

I have it alerting on medium events but there are so many of them with a mobile workforce that at times it is overwhelming. To me there login from unusal location is a lower severity than the login from locations with impossible travel.

Highlighted

Other than that, you can use ASM/Cloud app security to generate notifications (or perform other actions) upon detecting such events.