Error: ReVirt 365 cause multiple warnings about impossible travel activity


Challenge

The activity log within Microsoft Cloud Security Center shows warnings about impossible travel activity on users included in the ReVirt 365 backup;

Description
The user XX performed an impossible travel activity.
The user was active from IP x.x.x.x in COUNTRY and IP x.x.x.x in COUNTRY within X minutes.

Solution

Please add the following ReVirt 365 Proxy IP adresses to the IP address range page within Microsoft Cloud Security Center:

185.170.29.113
185.170.28.248
185.170.28.249

Cause

This is due to ReVirt 365 connecting to Microsoft 365 as an application impersonating the specific user that is being processed during a backup. This is normal behavior and will only occur when a user is not located in the same region as a ReVirt proxy, e.g. when a user is traveling and has a connection Microsoft 365.

This can be ignored or the above solution can be implemented to improve the accuracy of the alerts within Microsoft Cloud Security Center.


Was this article helpful?