When signing in with your test account, fail the multifactor authentication (MFA) challenge.
The sign-in shows up on the report within 10-15 minutes.
Atypical travel
Simulating the atypical travel condition is difficult. The algorithm uses machine learning to weed out false positives such as atypical travel from familiar devices, or sign-ins from VPNs that are used by other users in the directory. Additionally, the algorithm requires a sign-in history of 14 days or 10 logins of the user before it begins generating risk detections. Because of the complex machine learning models and the rules above, there's a chance that the following steps won't trigger a risk detection. You might want to replicate these steps for multiple Microsoft Entra accounts to simulate this detection.
To simulate an atypical travel risk detection, perform the following steps:
Enter the credentials of the account you want to generate an atypical travel risk detection for.
Change your user agent. You can change the user agent in Microsoft Edge from Developer Tools (F12).
Change your IP address. You can change your IP address by using a VPN, a Tor add-on, or creating a new virtual machine in Azure in a different data center.
Sign in to https://myapps.microsoft.com using the same credentials as before and within a few minutes after the previous sign-in.
The sign-in shows up in the report within 2-4 hours.
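The gates described above (the 14-day or 10-sign-in history requirement and familiar-device suppression) explain why the steps may not fire. The following added example, which is not Microsoft's model or code, sketches them together with a simple implied-speed check; the `SignIn` type, `evaluate` function, 1000 km/h cutoff, and sample coordinates are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

MIN_HISTORY_DAYS = 14  # from the text above
MIN_SIGNINS = 10       # from the text above
MAX_KMH = 1000.0       # assumed cutoff, roughly airliner cruising speed

@dataclass
class SignIn:
    time: datetime
    lat: float
    lon: float
    device: str  # user agent or device identifier

def km_between(a, b):
    """Great-circle (haversine) distance in kilometres."""
    p1, p2 = radians(a.lat), radians(b.lat)
    h = (sin((p2 - p1) / 2) ** 2
         + cos(p1) * cos(p2) * sin(radians(b.lon - a.lon) / 2) ** 2)
    return 2 * 6371.0 * asin(sqrt(h))

def evaluate(history, new):
    """Return (flagged, reason) for `new`; `history` is oldest first."""
    if not history:
        return False, "no history"
    span = new.time - history[0].time
    if span < timedelta(days=MIN_HISTORY_DAYS) and len(history) < MIN_SIGNINS:
        return False, "learning period"
    if new.device in {s.device for s in history}:
        return False, "familiar device"
    prev = history[-1]
    # Floor the gap at one minute so simultaneous sign-ins don't divide by zero.
    hours = max((new.time - prev.time).total_seconds() / 3600, 1 / 60)
    if km_between(prev, new) / hours > MAX_KMH:
        return True, "impossible travel"
    return False, "plausible travel"

# Constructed sample: ten sign-ins from one city on one browser over 18 days,
# then a sign-in from another continent five minutes after the last one.
T0 = datetime(2024, 1, 1, 9, 0)
HISTORY = [SignIn(T0 + timedelta(days=2 * i), 47.61, -122.33, "edge-win")
           for i in range(10)]
LAST = HISTORY[-1].time

if __name__ == "__main__":
    probe = SignIn(LAST + timedelta(minutes=5), 52.37, 4.90, "custom-ua")
    print(evaluate(HISTORY, probe))
```

Reusing the familiar `device` value or testing an account with too little history returns an unflagged result, which mirrors why a test account may need an established sign-in history and a changed user agent before the simulation registers.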
Leaked Credentials for Workload Identities
This risk detection indicates that the application's valid credentials are leaked. This leak can occur when someone checks in the credentials in a public code artifact on GitHub. Therefore, to simulate this detection, you need a GitHub account; you can sign up for one if you don't have one already.
Simulate Leaked Credentials in GitHub for Workload Identities
Browse to Identity > Applications > App registrations.
Select New registration to register a new application or reuse an existing stale application.
Select Certificates & Secrets > New client secret, add a description of your client secret, set an expiration for the secret or specify a custom lifetime, and select Add. Record the secret's value for later use in your GitHub commit.
Note
You cannot retrieve the secret again after you leave this page.
Get the TenantID and Application(Client)ID from the Overview page.
Ensure you disable the application via Identity > Applications > Enterprise Application > Properties > set Enabled for users to sign-in to No.
Create a public GitHub repository, add the following config and commit the change as a file with the .txt extension.
In about 8 hours, you're able to view a leaked credential detection under Protection > Identity Protection > Risk Detection > Workload identity detections where other info contains the URL of your GitHub commit.