NRT Authentication Methods Changed for VIP Users

M Nurohmat 100 Reputation points

Cannot created new rule for NRT Authentication Methods Changed for VIP Users

Screenshot 2023-06-02 at 4 15 07 AM

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
934 questions
0 comments No comments
{count} votes

Accepted answer
  1. Givary-MSFT 25,761 Reputation points Microsoft Employee

    @M Nurohmat Thank you for reaching out to us, similar issue has been discussed here - request you to check the steps, if it helps to resolve the above mentioned issue, also i am checking the same with my team internally as well.

1 additional answer

Sort by: Most helpful
  1. Andrew Blumhardt 9,461 Reputation points Microsoft Employee

    Try running your watchlist query standalone to isolate the issue. It seems that is does not like "User Principal Name" for some reason. You could try using summary instead or maybe this the search key to ensure all VIP records in the watchlist are unique. You could try renaming the column first with a project if the spaces are somehow the issue.

    0 comments No comments