Forum Discussion
SocInABox
Jan 12, 2022 - Iron Contributor
Poor alert filtering capabilities?
MCAS portal has poor alert filtering capabilities. Any thoughts on adding alert suppressions or something to make it more in line with the security.microsoft.com portal? Sentinel has a new M365 De...
JaredPoeppelman
Microsoft
Ok, I misunderstood. Are you referring to what is currently done in the configuration of the policy where a detection can be scoped by user, group, IP, etc.?
SocInABox
Jan 12, 2022 - Iron Contributor
I guess some examples would help.
Say you get "admin activity from non-corporate IP" or "multiple failed user logins to an app".
You'd have to edit the policy directly rather than create suppression rules for certain conditions.