Unable to find the security alert in M365 Defender referenced in an email alert.
This happens a lot. I get these emails from Office365Alerts notifying our team that "A medium-severity alert has been triggered". At the bottom of the email is a link to "View alert details". When I click that, the site shows an error: "Can't find it. Either what you are looking for doesn't exist or you need to use a different search string." So, then I go to the Alerts view and filter to show everything (at least I think I am) but there's nothing related to this particular alert (unusual volume of file sharing). Where did it go? EDIT: Including a screenshot of another email I got today. The result of clicking the 'View alert details' is again the same.
Security Admin Center Tenant Allow/Block List Not Able to Block IPv4?
While using the Security Admin Center Tenant Allow/Block List we have been able to block specific email addresses and IPv6 IP addresses but are unable to block IPv4 IP addresses. We have tried both using the console and the CLI but have turned up unsuccessful both times when it comes to IPv4. A large majority of the phishing attempts that we encounter come from IPv4 addresses but we have been unable to block any of these. Will there ever be functionality for IPv4 within the Tenant Allow/Block list or is the only option to use conditional access policies? Also why is this enterprise tool only functional with IPv6 and without documentation stating that it does not work for IPv4?
