Forum Discussion

dfoster303's avatar
dfoster303
Copper Contributor
Feb 28, 2023

How to use confirm sign in compromised/safe

It's really unclear how I should use these options in most typical circumstances. For instance, someone attempted to login as one of our users, from another state. It wasn't the user, but the login was not successful due to MFA. So, the login wasn't technically compromised - the threat actor did not gain access to our tenant. But it wasn't "Safe" either - it was not initiated by an authorized user. Unless it was safe because it wasn't compromised? This is confusing!

 

I cannot simply dismiss the instance; I must choose compromised or safe. So, which is it?

  • CalumNC's avatar
    CalumNC
    Copper Contributor
    Did you figure this out in the end?

    I'm in the same situation... The risky sign-in had failed, so there was no breach, but it wasn't a legit sign-in either.

Resources