impossible travel exclude one user best practice

kasey170 · ‎Jan 11 2019

We want to exclude one user from impossible travel and are wanting to know the best way to do this, the recommended way so we do not go down the wrong path.

I was thinking make a group with all users, but then we would have to constantly keep updating that group, is there a rule that can be made to exclude just one person from it and enable it on the whole account?

Christopher Hoard · ‎Jan 11 2019

Hi Kasey170,

As per the following article you can exclude users on the detection policy.

https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy

Select Exclude to specify users for whom this policy won't apply. Any user selected here won't be considered a threat and won't generate an alert, even if they're members of groups selected under Include.

Hope that helps and answers your question!

Best, Chris

Vasil Michev · ‎Jan 11 2019

I believe the author is referring to the Azure AD Risk events, not necessarily the CAS rules. Although the information presented should be the same, the options we have to configure those differ.

Christopher Hoard · ‎Jan 11 2019

Hi @Vasil Michev

Sure! It is here if they are referring to excluding users from the Azure AD Risk Events policy -

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-user-risk-policy

Thanks for pointing this out.

Best, Chris

impossible travel exclude one user best practice

impossible travel exclude one user best practice

Re: impossible travel exclude one user best practice

Re: impossible travel exclude one user best practice

Re: impossible travel exclude one user best practice

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

impossible travel exclude one user best practice

impossible travel exclude one user best practice

Re: impossible travel exclude one user best practice

Re: impossible travel exclude one user best practice

Re: impossible travel exclude one user best practice