Tag
Azure Identity Protection Suspicious Browser Activity
2 rules 6 TTPs
A suspicious browser activity alert indicates anomalous behavior based on suspicious sign-in activity across multiple tenants from different countries in the same browser, potentially indicating compromised credentials or other malicious activity.
Azure AD Activity From Anonymous IP Address
2 rules 4 TTPs
Detection of user activity originating from an IP address identified as an anonymous proxy, potentially indicating unauthorized access, privilege escalation, or persistence within an Azure Active Directory environment.
Azure Identity Protection Atypical Travel Anomaly
2 rules 1 TTP
The Atypical Travel detection in Azure Identity Protection identifies potentially compromised user accounts by detecting geographically improbable sign-in activity, indicative of account compromise or misuse.
Impossible Travel Detection in Azure AD
2 rules 1 TTP
This brief describes the detection of 'impossible travel' events in Azure AD, where a user appears to log in from geographically distant locations within an implausibly short time frame, potentially indicating account compromise.