MCAS keep triggering alerts for a whitelisted IP

Frequent Contributor

We have the impossible travel alert policy in place. We get some users occasionally connecting from other countries for legitimate reasons (Ie VPN/Cross country Apps etc..). We have whitelisted these IP's (all the IP are static) as corporate but the policy keeps triggering. The alerts shows the whitelisted IP.

The whitelist is performed in the "IP address ranges" from MCAS. Has anyone experienced this issue? 


Appreciate any insights on this. Thank you!

2 Replies
This should be sufficient to exclude these IPs from eg the impossible travel detection. If these have been configured more than 24h ago I’d recommend opening a ticket with Microsoft for further investigation.
This has been happening for a few days now with us. glad im not the only one with the issue.