The o365 Login Analyzer creates notifications for successful logins. If there are successful logins that don't require a notification to be created for them, these detections can be whitelisted in the incident notification that was created.
NOTE: Whitelisting successful o365 logins should only be done from the incident ticket - Do I need to remediate or whitelist the events in the apps?
On the customer level navigate to the incidents list
Locate the incident > view details
Action > add to whitelist
Enter the 2 letter country abbreviation in attributes>location>countryOrRegion field and the user email name in attributes>user>principalName field then add
This will create a new whitelist rule to no longer create email notifications for that detection.