For the last couple of weeks, we have been seeing multiple failed login attempts to a mailbox that was used utilized for sending No-reply emails and currently that account is disabled.
That attempt looks like brute force from different countries and different Cities, we want to reduce alert noise from our dashboard. We already have conditional access policies in place.
The following suggestion doesn’t fit perfectly with solution we want
- opting out from email notifications, we need to get informed of any security alert on accounts.
That would be great if, someone can share information on how to stop these sign-in attempts on the disabled account.