ACSC Logo
© 2026 GEMXIT
GEMXIT Logo
Identity Security • Entra ID • Sign-in Risk

Using Impossible Travel Sign-ins to Teach Real-World Security Skills

A practical security briefing on identity anomalies, sign-in risk and what “impossible travel” events can reveal about compromised accounts in modern Microsoft environments.

Discuss your environment Back to briefings
Agent Foskett Friday Cyber Briefings
Briefing summary

The login succeeded. The user looked normal. But the sign-in logs told a very different story — one that no person could physically explain.

Two distant locations
Successful authentication
Compromise hidden in plain sight

What happened

The account signed in successfully — but not credibly.
An impossible pattern appearedThe same user account showed a successful sign-in from Melbourne, followed shortly after by another from London. The activity was valid in the logs — but impossible in the real world.
The hidden riskBecause authentication succeeded, the activity could easily be overlooked. Without active review of sign-in behaviour, compromised access can blend in with normal usage.
Lesson learnedSuccessful login events do not always mean safe access. Identity security depends on context, patterns and risk signals — not just a green tick.
Reviewing Entra ID sign-ins, risk events or Conditional Access?
GEMXIT helps organisations interpret identity telemetry, strengthen access controls and turn sign-in data into practical security outcomes.
Contact GEMXIT
ACSC Logo  GEMXIT PTY LTD   GEMXIT UK LTD   © GEMXIT 2026

Agent Foskett Impossible Travel Sign-ins

This Agent Foskett cyber briefing covers impossible travel events, compromised accounts, identity telemetry and Microsoft Entra sign-in risk.

It highlights why successful authentication alone is not enough to prove trusted access.