Alerts appearing to overlap between customers
When alerts appear mixed between tenants, it is due to either the partner CSP admin account being used to connect the multiple customer organizations to SaaS Alerts or a global admin account having access to more than a single organization tenant used for connections.
This occurrence means the API tokens are the same for whichever customers have been connected in this manner, and thus the alerts come back into multiple ORGs.
How to resolve
To resolve please connect each organization with a unique local-global admin (that can only access this single organization's M365 tenant) and not overlap them with a master CSP account.
Additionally deleting the Microsoft connection and then reconnecting it may also resolve this issue.
In a scenario where this does not remove the imported users and the incorrect alerts continue to generate deleting and creating a new instance of the organization may be needed.