Failed log on (Failure message: Session information is not sufficient for single-sign-on.)

jdiamond The failed SSO logins with 50058 errors show authentication is not succeeding. Attackers likely guessing passwords rather than having valid session data for those accounts. Anomalous locations indicate irregular access patterns - external attackers trying their luck. Not likely real session compromises.

Enable MFA and passwordless logins across organization to mitigate credential brute forcing risks going forward. Plus daily admin password changes. The goal is requiring more than reused passwords alone to get access. This will harden environment against these kinds of guessing attempts even if odd locations appear concerning initially. Additionally, this is an important reminder to ensure robust backups are in place for your cloud data. Even with hardening measures, data breaches can still occur. Backups provide last line protection if threats bypass other defenses through undiscovered means. Be sure to evaluate backup needs for your unique SaaS applications.