What if ...

... there is an alert which, however, is not a real one?

An account generates an "Impossible Travel" incident

Without using infoWA.RDE.N

  • Microsoft 365 detects the incident
  • Alerts are generated
  • Risk level for login is increased
  • Depending on the configuration, MFA is required for login
The incident will occur again and again

Using infoWA.RDE.N

  • Microsoft 365 detects the incident
  • Alerts are generated
  • Risk level for login is increased
  • Depending on the configuration, MFA is required for login
  • infoWA.RDE.N checks further user activities to evaluate the incident
  • A customer notification requires a response (IP address evaluation: company affiliation yes/no)
  • The infoWA.RDE.N configuration is automatically adjusted according to customer feedback (here: entering the IP address in the SOC configuration and other systems)
Further alerts will be suppressed