Forum Discussion
Impossible travel alerts on failed logins
I am picking up impossible alerts that are not relevant. I have specified successful logins only for the Impossible Travel policy but it still alerting on what seems like failed logins. It is also di...
Anyone got an answer to this? Even with Successful login selected it still picks out unsuccessful.
- I'm even getting impossible travel alerts for DISABLED accounts.
This alert is totally useless in its current form- you have to create an authentication policy to block sign-in attempts using legacy protocols such as IMAP, POP and SMTP. Just disabling these protocols in Exchange is not enough, otherwise you will still have people trying to brute force against these disabled accounts.
https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/disable-basic-authentication-in-exchange-online#create-and-apply-authentication-policies
- in my tenant, when I change it to successful sign-ins, I stopped getting the false positives about the failed logons. Perhaps you just need to give it a bit more time.
