Offline and Realtime detection

Copper Contributor

Hello All,


I have some confusion between realtime and offline detection.

Can someone explain it in a easy manner.

I am aware about real-time detection but what about offline detection.

1. how offline detection works and does it take time to analyze or does user is offline ?

2. why Atypical travel activity and impossible travel comes under Offline detection ?

3. How Unfamiliar sign-in comes under real-time detection ?


Kindly don't paste the information that's already available on the below link


1 Reply
Real-time is shown in the report within 10 minutes and offline takes 48 hours.

But you're referring to Azure Identity Protection and this community is for a different product called Microsoft Defender for Identity :)