Oct 18 2019 04:55 AM
At my client's site I am getting alerts from ASC (as well as MCAS, AD Identity Protection, and Azure ATP) and noticed that two of them, "Logon by an unfamiliar principal" and "Logon from an unusual location" don't list the user ID even though if I go into ASC I can see the user ID there. It would make the alerts so much more useful if the user ID was passed along. The IP Addresses are being sent so hopefully it would not be too hard to pass along the user ID.
Note sure if it is possible but it would also be great to have a link back to the original alert. Maybe as a comment?
Oct 18 2019 09:33 AM
Oct 31 2019 04:52 AM