Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
175 questions
Since Microsoft disabled all useful policies like Impossible travel, I created a new custom rule.
BehaviorInfo
| where ActionType == "ImpossibleTravelActivity"
| join BehaviorEntities on BehaviorId
So now the issue is that I cannot find how to filter out "User sign-ins (non-interactive)".
The reason for that is that when a user is in another country and using WiFi with his mobile phone, it gets an IP from the country where it is located, but when WiFi is lost and it switches to SIM internet, the internet is forwarded to its provider of origin and it gets an IP from his home country. In that case impossible travel is triggered because the user gets 2 IPs from different countries in less than a minute.
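
One way to build the filter the question asks for, as an added example that is not part of the original post: correlate each behavior's IP entities with interactive sign-ins only, and keep the behavior only if more than one country remains. It assumes the advanced hunting table `AADSignInEventsBeta` is available in the tenant and that its `LogonType` column carries `interactiveUser` / `nonInteractiveUser`; check the table and column names against your own schema before using it in a rule.

```kusto
// Added example. Table and column names outside the original query are assumptions
// to verify in the tenant's advanced hunting schema.
let lookback = 1d;
// Interactive sign-ins only. "has" matches whole terms, so "nonInteractiveUser" is not matched.
let InteractiveSignIns =
    AADSignInEventsBeta
    | where Timestamp > ago(lookback)
    | where LogonType has "interactiveUser"
    | project SignInTime = Timestamp, SignInAccountId = AccountObjectId, IPAddress, Country;
BehaviorInfo
| where Timestamp > ago(lookback)
| where ActionType == "ImpossibleTravelActivity"
// Attach the IP addresses recorded as entities of each behavior.
| join kind=inner (
    BehaviorEntities
    | where isnotempty(RemoteIP)
    | project BehaviorId, RemoteIP
  ) on BehaviorId
// Keep only the IPs that the same account used for an interactive sign-in.
| join kind=inner InteractiveSignIns
    on $left.AccountObjectId == $right.SignInAccountId, $left.RemoteIP == $right.IPAddress
| where SignInTime between (StartTime .. EndTime)
| summarize Countries = make_set(Country), IPs = make_set(RemoteIP)
    by BehaviorId, AccountUpn, StartTime, EndTime
// A behavior whose second country appears only in non-interactive sign-ins drops out here.
| where array_length(Countries) > 1
```

If the roaming handover produces an interactive sign-in from the home-country IP, this filter will not suppress it; that case needs a separate exclusion, such as a known carrier IP range.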