This information explains some reasons MFA may be triggered on your account.

Risky Sign-in's

We are using Risky Sign-ins as the trigger for MFA. 

What are Risky Sign-in's? 

Microsoft collects our sign in data and runs algorithms against it to determine normal and abnormal behavior. That, "abnormal behavior" is what triggers a Risky Sign-in.   

Risk Event Type
Risk Level
Additional Explination
Sign-ins from anonymous IP addressesMediumYou're using Tor browser, anonymous nodes/VPN's. This would be triggered as an anonymous IP address.
Impossible travel to atypical locationsMediumYou're in Colorado Springs at 2:20pm and Mumbai at 2:22pm. This is would be triggered as impossible travel.
Sign-ins from unfamiliar locationsMediumYou're always in Colorado Springs, now you're in England? This would be triggered as an unfamiliar location.
Sign-ins from infected devicesLowYour credentials were used on a network that is hosting malware. This would be triggered as an infected device.
Sign-ins from IP addresses with suspicious activityMediumMicrosoft has seen this IP doing shady stuff and now you are signing in with that IP address. This would be triggered as suspicious activity.