If a group or
a user is removed from the AD catalog, SaaS Security API automatically
closes the incidents for that group or user. This process normally
takes up to 48 hours; in some cases, when you have millions of incidents,
SaaS Security API requires multiple days to close the incidents.
You can also apply policy when group information is
. This can happen because the asset owner has
a username instead of an email address or because the user does
not belong to any of the 100 Azure AD groups for which the SaaS
Security API service has user-group mapping information.
the new rule when you’re
done choosing among the other options.