I normally get emails from Microsoft 365 Defender about new incidents maybe 2-5 times per week. In the past 48 hours, I've received 17 such messages. 5 of these were remote code execution alerts referencing my admin account connecting to servers remotely, which aren't uncommon, and the rest have been Impossible travel alerts for various users. I've seen this type of alert before, but not so frequently. Is this indicative of an actual increase in attempts to log in from foreign locations, or is Defender just monitoring this more closely and creating more incidents?
Has anyone else noticed a significant increase in the number of incidents detected this week?