These changes will be released on the 22nd of July 2025
Starting from the 22nd of July, the Sign-In From Unauthorized Country security event will be renamed to Sign-In From Unauthorized Location, with additional enhancements.
What's new?
- Proxy detection: You can now enable alerts for sign-ins from anonymous proxies, even if they originate from an authorized country. Attackers often use proxies or VPNs to hide their true location, bypassing location-based security rules. With this new setting, you can detect these hidden attempts if the anonymous proxy is detected.
- Anonymous User Filtering: If anonymous sharing is tolerated in your organization, you can choose to exclude anonymous users from these alerts, to reduce the number of false positives raised on your organization.
What changes?
The Sign-In From Unauthorized Country security event is renamed to Sign-In From Unauthorized Location.
If you have any automation based on this security event, don’t forget to update it to reflect the new event name.
How to enable the new configurations
These new configurations are not enabled by default and will not impact your existing profiles.
To enable them, in Office Protect, go to the Monitor section, and enable the configuration under Sign-In from Unauthorized Location:
