Risky Sign-in

Handian Sudianto 4,836 Reputation points
2023-11-10T08:13:34.78+00:00

Hello,

On the Risky sign-ins i can see one user can be located on several countries in a few times.

Is the account already compromises? Also what different 'Interrupted' and 'Failure' on the status?

What can we do to prevent this or to increase the security?

User's image

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,354 questions
{count} votes

Accepted answer
  1. Andreas Baumgarten 107.9K Reputation points MVP
    2023-11-10T08:39:58.6833333+00:00

    Hi @Handian Sudianto ,

    my interpretation of failure and interrupted sign-ins is:

    "Failure" means for instance wrong username/password combination.

    "Interrupted" means the authentication process is stopped because of a Conditional Access rule. For instance sign-in from a country that is not allowed by a Conditional Access rule. The conditional Access rule blocks/interrupts the authentication process.

    Based on your screenshot the rating if the account is already compromised depends on if you get successful and failed sign-ins with an existing username in consideration of location. In the case of failed sign-ins the username is "known" but maybe the password is unknown.

    If you get successful sign-ins by the same user from different locations within a short of time that aren't realistic I would assume the account is compromised or at least suspicious if e.g. there is no VPN connection between the 2 locations. For instance successful sign-ins from the same user in San Francisco and New York within 5 minutes.


    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards

    Andreas Baumgarten


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.