The original post: /r/cybersecurity by /u/No_Mycologist4488 on 2025-02-21 15:40:54.
We get alerts of 3rd party off shore contractors accessing files in M365(which they are supposed to access), however, due to their location, conditional access, and Azure replication/Datacenters, they flag.
The obvious easy out here is to whitelist everything under the sun.
However, due to the fact they are 3rd party contractors, is there a better way to manage risk, see the trees through the forest as far as legitimate alerts vs scrutinizing every alert?
We are using Microsoft Defender and SaasAlerts in tandem.
You must log in or register to comment.