Bit of an odd one we've just noticed as we put our Defender into a third-party SIEM.
When a user gets marked as a risky user (regardless of level - low, medium, etc.), when we dismiss the user risk in Entra it subsequently generates an 'Unfamiliar sign-in properties involving one user' alert in Defender for the user. This alert is automatically resolved as soon as it's generated.
Can anyone shed some light on why this happens? And if there is a way to disable these alerts or the link that generates them?