Excluding "suspicious authentication failure alerts"

Hi,
 
Why can't you exclude specific servers for the following “Suspicious authentication failures” alerts? It seems logical to me that this feature is also available for this type of alert. Assume the following scenario: A customer has a VDI environment with Citrix StoreFront servers. It is normal that you will see many authentication failures on those StoreFront servers from all users mistyping their password. In other words, you would like to exclude these servers for this type of alert. Apparently for this alert the exclusion functionality is not foreseen. What is the underlying idea behind this? Could this be included as a future feature request?

THX
keith

 

2 Replies

Hi @keith_be ,

 

This functionality is available in Azure ATP.

For ATA we will add it as an FR; we currently can't commit to backward-port it into ATA.

 

Thanks,

Tali

@Tali Ash thanks for your answer and for considering this functionality as a feature request. Could we vote for it somewhere? :) Hopefully you port it soon to ATA.
 
Kind regards,
Keith