Hardening default alert policies

In OCAS, MS have configured a bunch of alerts like "impossible travel".

99% of the time these fire, they are false positives, and results in many alert email and time spent. Can they be hardened?

Ex. We have users in AU and US. Our tenant is in AU. When a user in the US accesses a file in SP, it triggers impossible travel, because the Onedrive/Sharepoint storage is in AU, but the are in US..

Ex. A user accesses a mailbox legitimately that is stored in another country, i get email alerts..

0 Replies

Check This Out! (CTO!) Guide (February AND March 2024)

by BrandonWilson on April 06, 2024

2544 Views

1 Likes

1 Replies

Check This Out! (CTO!) Guide (September 2023)

by BrandonWilson on October 15, 2023

11266 Views

0 Likes

0 Replies

Check This Out! (CTO!) Guide (October 2022)

by BrandonWilson on November 03, 2022

3117 Views

1 Likes

1 Replies

A Light Overview of Microsoft Security Products

by Alan La Pietra on March 29, 2022

59386 Views

11 Likes

6 Replies

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Hardening default alert policies

Hardening default alert policies