The activity log within Microsoft Cloud Security Center shows warnings about impossible travel activity on users included in the ReVirt 365 backup;
The user XX performed an impossible travel activity.
The user was active from IP x.x.x.x in COUNTRY and IP x.x.x.x in COUNTRY within X minutes.
Please add the following ReVirt 365 Proxy IP adresses to the IP address range page within Microsoft Cloud Security Center:
This is due to ReVirt 365 connecting to Microsoft 365 as an application impersonating the specific user that is being processed during a backup. This is normal behavior and will only occur when a user is not located in the same region as a ReVirt proxy, e.g. when a user is traveling and has a connection Microsoft 365.
This can be ignored or the above solution can be implemented to improve the accuracy of the alerts within Microsoft Cloud Security Center.