Hi.
We get a lot of these alerts as users from oversees authenticate via Azure then they log into a web app hosted in the USA.
Is there a place in IDR settings that I can add the external/internet IP address of my hosted apps so IDR can ignore these events and not trigger alerts?
For the Multiple Country Authentication, I do not believe so. It is part of the Legacy Detection Rules so until it moves over into the regular detection rule library, I dont think you will be able to without the use of something like InsightConnect
We have an option via support request to whitelist entire geoip organizations, so that if you see things like Netskope or Zscaler for instance you can ignore those entirely from Multi country auth events