The dashboard “O365 – ACTIVE DIRECTORY” for your Office 365 integration includes 4 panels signaling when a successful authetication has been registered from a public IP in a country where your organization, in normally circumstances, shouldn't have active users:
After you completed the Office 365 integration, the query to display the data, applied in these panels, includes the country code as a normalized value:
data_office365_Operation:UserLoggedIn AND !data_office365_ActorIpAddress_country_code:COMPANY_COUNTRY_CODE
The “COMPANY_COUNTRY_CODE” value needs to be changed, according to your country code. For example, for the US, modify this query like this:
data_office365_Operation:UserLoggedIn AND !data_office365_ActorIpAddress_country_code:US
If your company operates in several countries, modify accordingly. For example:
data_office365_Operation:UserLoggedIn AND !data_office365_ActorIpAddress_country_code:US AND !data_office365_ActorIpAddress_country_code:UK
You'll have to modify this query in ALL panels reflecting this AUTHS NON TRUSTED situation.
If the dashboard is in read only mode, click the gear icon, top right:
Change the Editable setting:
Close, top right:
And edit each panel:
When finished, don't forget to save the new settings (top right):
NOTE: If the new query doesn't seem to get applied after saving, simply refresh the page.
Was this article helpfu?
Thank you for voting
You are related to multiple companies. Please select the company you wish to login as.