Hi @Handian Sudianto ,
my interpretation of failure
and interrupted
sign-ins is:
"Failure" means for instance wrong username/password combination.
"Interrupted" means the authentication process is stopped because of a Conditional Access rule. For instance sign-in from a country that is not allowed by a Conditional Access rule. The conditional Access rule blocks/interrupts the authentication process.
Based on your screenshot the rating if the account is already compromised depends on if you get successful and failed sign-ins with an existing username in consideration of location. In the case of failed sign-ins the username is "known" but maybe the password is unknown.
If you get successful sign-ins by the same user from different locations within a short of time that aren't realistic I would assume the account is compromised or at least suspicious if e.g. there is no VPN connection between the 2 locations. For instance successful sign-ins from the same user in San Francisco and New York within 5 minutes.
(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
Regards
Andreas Baumgarten