wagov / WASOCAutomationPlaybook

For testing playbooks

"User login from different countries within 3 hours (Uses Authentication Normalization)" #63

Closed carel-v98 closed 1 year ago

carel-v98 commented 1 year ago

Not sure that points 1 and 3 are necessary, as the alert is supposed to trigger if the sign-ins are from different countries.

Image

DGOV-Bryce commented 1 year ago

I think these, while definitely less relevant, can be left there.

For point 1: There may be cases where contractors are used and meant to sign in via VPN (India, for example), but if they don't, it will trigger this once they turn it on to join.

For point 3: I think there are edge cases where a user could be working in, say, Europe, in which case the timeframe is viable for legitimate travel but would still trigger this, but there still could be impossible travel causes, too.
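The travel-feasibility question raised for point 3, as an added example that is not part of this thread or the repository's playbook: it pairs consecutive sign-ins per user, keeps those from different countries within the 3-hour window in the alert title, and uses the implied speed to separate feasible travel from impossible travel. The record layout, the coordinates and the 900 km/h ceiling are assumptions, and the sign-ins are constructed sample data.

```python
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

WINDOW = timedelta(hours=3)      # window taken from the alert title
MAX_SPEED_KMH = 900.0            # assumed ceiling, roughly airliner cruise speed

# Constructed sample sign-ins: (user, UTC time, country, latitude, longitude)
SIGNINS = [
    ("alice", "2024-05-01T08:00:00", "FR", 48.86, 2.35),     # Paris
    ("alice", "2024-05-01T10:30:00", "BE", 50.85, 4.35),     # Brussels
    ("bob",   "2024-05-01T09:00:00", "AU", -31.95, 115.86),  # Perth
    ("bob",   "2024-05-01T09:40:00", "IN", 28.61, 77.21),    # New Delhi
    ("carol", "2024-05-01T07:00:00", "AU", -31.95, 115.86),  # Perth
    ("carol", "2024-05-01T12:00:00", "SG", 1.35, 103.82),    # 5 h later, outside window
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def triage(signins):
    """Return one finding per consecutive different-country pair inside WINDOW."""
    findings, last = [], {}
    # ISO 8601 timestamps sort chronologically as strings.
    for user, ts, country, lat, lon in sorted(signins, key=lambda s: (s[0], s[1])):
        now = datetime.fromisoformat(ts)
        prev = last.get(user)
        last[user] = (now, country, lat, lon)
        if prev is None or prev[1] == country or now - prev[0] > WINDOW:
            continue
        hours = (now - prev[0]).total_seconds() / 3600
        km = haversine_km(prev[2], prev[3], lat, lon)
        # Zero elapsed time with a country change can never be travel.
        speed = km / hours if hours > 0 else float("inf")
        verdict = "impossible_travel" if speed > MAX_SPEED_KMH else "feasible_travel"
        findings.append((user, prev[1], country, round(km), verdict))
    return findings

if __name__ == "__main__":
    for finding in triage(SIGNINS):
        print(finding)
```

Speed alone cannot tell a VPN being switched on from a real impossible-travel event, so the contractor case discussed for point 1 still needs context beyond this check.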