Apple iCloud Private Relay triggering security alerts in SIEM

We’re seeing an uptick in alerts in our SIEM tool for anonymous IP addresses. They’re supposed to be blocked by policy, but we’re getting alerts of successful sign in with anonymous IP’s.

Upon investigation, it’s been determined that these IPs are related to the iCloud Private Relay.

Is anyone else seeing these alerts in their SIEM tool? If so, what steps did you take in modifying the policy to prevent the creation of the alert?

addresses alerts anonymous apple apple icloud blocked cybersecurity icloud icloud private relay investigation ip addresses ips policy private private relay relay security security alerts siem sign tool