This information explains some reasons MFA may be triggered on your account.
Risky Sign-in's
We are using Risky Sign-ins as the trigger for MFA.
What are Risky Sign-in's?
Microsoft collects our sign in data and runs algorithms against it to determine normal and abnormal behavior. That, "abnormal behavior" is what triggers a Risky Sign-in.
Risk Event Type | Risk Level | Additional Explination |
|---|---|---|
| Sign-ins from anonymous IP addresses | Medium | You're using Tor browser, anonymous nodes/VPN's. This would be triggered as an anonymous IP address. |
| Impossible travel to atypical locations | Medium | You're in Colorado Springs at 2:20pm and Mumbai at 2:22pm. This is would be triggered as impossible travel. |
| Sign-ins from unfamiliar locations | Medium | You're always in Colorado Springs, now you're in England? This would be triggered as an unfamiliar location. |
| Sign-ins from infected devices | Low | Your credentials were used on a network that is hosting malware. This would be triggered as an infected device. |
| Sign-ins from IP addresses with suspicious activity | Medium | Microsoft has seen this IP doing shady stuff and now you are signing in with that IP address. This would be triggered as suspicious activity. |