We reached out to support to see if there was a work around for ITDR product to block users from accessing VPNs, but without isolating their identities, nor triggering Critical Incident Response alerts each time (while still producing the Incident Report)

Currently our customer has a lot of VPN rules in place to stop users logging in using a VPN however the violation triggers the account to be blocked and an incident created meaning we get a call and text message and need to investigate.

It would be good if we could select what happens when a user violates the rule. Example: don't allow the connection or disable the user in M365 but don't create a critical incident.

Thank you