Purview Alerts (UAL)
These alerts use Purview logs layered with Augmentt logic to flag potential risks without the need for Entra P1/P2/Defender licensing.
Update [Jul-09-2024]: We’ve updated sign-in alerts to only generate 1 Sign-in Outside of Country alert per user, per day, in an effort to reduce the number of alerts generated. If the account is under attack, another alert of “3 attempts in an hour” or “5 attempts in a day” will be generated.
Name | Category | Severity | Description | Source | Licensing |
Successful sign-in from typically malicious country | Sign-in Risk | High | Enabled by default | Purview logs | Basic (non-P1) |
Successful sign-in without MFA from outside operating country | Sign-in Risk | High | Enabled by default | Purview logs | Basic (non-P1) |
At least 3 sign-in attempts from outside operating country within an hour | Sign-in Risk | Medium | Enabled by default | Purview logs | Basic (non-P1) |
At least 5 sign-in attempts from outside operating country within 24 hours | Sign-in Risk | Medium | Enabled by default | Purview logs | Basic (non-P1) |
Sign-in attempt from typically malicious country | Sign-in Risk | High | Optional - Disabled by default | Purview logs | Basic (non-P1) |
Risky Sign-In Inside Country | Sign-in Risk | Low | Optional - Disabled by default | Purview logs | Basic (non-P1) |
Risky Sign-In Outside Country | Sign-in Risk | High | Enabled by default | Purview logs | Basic (non-P1) |
Sign-in attempt without MFA from outside operating country | Sign-in Risk | Medium | Optional - Disabled by default | Purview logs | Basic (non-P1) |
Successful sign-in outside operating country | Sign-in Risk | High | Enabled by default | Purview logs | Basic (non-P1) |
Successful Sign-in from unidentifiable location/IP | Sign-in Risk | Medium | Enabled by default | Purview logs | Basic (non-P1) |