Offline and Realtime detection

Copper Contributor

Hello All,

 

I have some confusion between realtime and offline detection.

Can someone explain it in a easy manner.

I am aware about real-time detection but what about offline detection.

1. how offline detection works and does it take time to analyze or does user is offline ?

2. why Atypical travel activity and impossible travel comes under Offline detection ?

3. How Unfamiliar sign-in comes under real-time detection ?

 

Kindly don't paste the information that's already available on the below link

https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protec...

 

1 Reply
Real-time is shown in the report within 10 minutes and offline takes 48 hours.

But you're referring to Azure Identity Protection and this community is for a different product called Microsoft Defender for Identity 🙂