
Using Impossible Travel Sign-ins to Teach Real-World Security Skills

A practical security briefing on identity anomalies, sign-in risk and what “impossible travel” events can reveal about compromised accounts in modern Microsoft environments.

These patterns are a core part of identity and access security in Microsoft Entra ID, where context matters more than a successful login.

Agent Foskett Friday Cyber Briefings
Briefing summary

The login succeeded. The user looked normal. But the sign-in logs told a very different story — one that no person could physically explain.

Two distant locations
Successful authentication
Compromise hidden in plain sight

What happened

The account signed in successfully — but not credibly.
An impossible pattern appeared

The same user account showed a successful sign-in from Melbourne, followed shortly after by another from London. The activity was valid in the logs — but impossible in the real world.

The hidden risk

Because authentication succeeded, the activity could easily be overlooked. Without active review of sign-in behaviour, compromised access can blend in with normal usage.

This is why strong identity and access controls must include behavioural analysis, not just authentication success.

Lesson learned

Successful login events do not always mean safe access. Identity security depends on context, patterns and risk signals — not just a green tick.

This is where security operations and log visibility become critical to uncover patterns that alerts alone may miss.
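The Melbourne-then-London pattern above can be checked by computing the travel speed implied by consecutive successful sign-ins for the same account. The following is an added example, not part of the original briefing and not how any Microsoft product implements its detection; the record field names, the 900 km/h ceiling, the 100 km floor and the sample sign-ins are all constructed assumptions.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900      # assumed ceiling: roughly airliner cruising speed
MIN_KM = 100       # assumed floor: ignore small jumps caused by geo-IP imprecision

# Constructed sample records (successful sign-ins only); field names are illustrative.
SIGNINS = [
    {"user": "alice@example.com", "time": "2024-05-03T01:10:00+00:00",
     "city": "Melbourne", "lat": -37.81, "lon": 144.96},
    {"user": "alice@example.com", "time": "2024-05-03T01:55:00+00:00",
     "city": "London", "lat": 51.51, "lon": -0.13},
    {"user": "bob@example.com", "time": "2024-05-03T02:00:00+00:00",
     "city": "Melbourne", "lat": -37.81, "lon": 144.96},
    {"user": "bob@example.com", "time": "2024-05-04T06:00:00+00:00",
     "city": "London", "lat": 51.51, "lon": -0.13},
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two latitude/longitude points."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(signins, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Flag consecutive sign-ins per user whose implied travel speed exceeds max_kmh."""
    findings, last_seen = [], {}
    for ev in sorted(signins, key=lambda e: datetime.fromisoformat(e["time"])):
        prev = last_seen.get(ev["user"])
        last_seen[ev["user"]] = ev
        if prev is None:
            continue
        km = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
        delta = datetime.fromisoformat(ev["time"]) - datetime.fromisoformat(prev["time"])
        hours = delta.total_seconds() / 3600
        # Simultaneous sign-ins from distant places imply unbounded speed.
        kmh = float("inf") if hours == 0 else km / hours
        if km >= min_km and kmh > max_kmh:
            findings.append({"user": ev["user"], "from": prev["city"], "to": ev["city"],
                             "km": round(km), "minutes": round(hours * 60), "kmh": kmh})
    return findings

if __name__ == "__main__":
    for f in impossible_travel(SIGNINS):
        print(f"{f['user']}: {f['from']} -> {f['to']}, {f['km']} km in {f['minutes']} min")
```

Both sample users authenticate successfully from the same two cities; only the account whose sign-ins are 45 minutes apart is flagged, while the one with a 28-hour gap is consistent with a real flight. A hit is a lead for review rather than proof of compromise, since VPN or proxy egress points can produce the same pattern.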


Agent Foskett Impossible Travel Sign-ins

This Agent Foskett cyber briefing covers impossible travel events, compromised accounts, identity telemetry and Microsoft Entra sign-in risk.

It highlights why successful authentication alone is not enough to prove trusted access.