This is a known false positive for this detection. You can find more information about all the alerts (including what night generate a false positive) in the Suspicious Activity Guide (this is the ATA version but it's relevant for Azure ATP alerts too): https://aka.ms/atasaguide
For known AAD Connect servers, you can use the "Close and Exclude" option to stop further alerts.