Håvard Siegel Haukeberg

Paste life: Ctrl+C -> Ctrl+V


Azure IDP

Did I travel, Azure Identity Protection say so

Got a medium warning in Azure IDP, it says my account have been out traveling.

Did I moved fast between two geographical location?


specificsrisk eventsuser

What can I do now?

  1. Just reset password (solve)
  2. Prompt for MFA regardless (mitigate)

tools to remidiate

This is how Azure figured it out: keeps a track on logins for each user. London is not Oslo…


Help, Azure AD says my credentials Leaked!

So, waking up to leaked credentials can be frustrating. Probably since you do not know how exactly they got leaked. Fortunatly Azure AD have some sugestions on what to do.

Read more about leaked credentials here:

This is what it looks like in Azure Identity Protection and how you mitigate the impact:

control panel
A very high risk, click the risk to see what it is.


what happened
Here you see what it was all about, click on the event to se which user


who had it leaked
here you see the user. click on the user to get actions on what to do


what to do.
Here is what yo can do


Here is what I did to mitigate the event.


I simply requested the user for a password change. Keep in mind that the malware that did this might have stolen all other passwords as well. It might also be active on the target device, så MFA might be something you should consider.

Also have the user change passwords on all other services he uses!

And, have him wipe his device!

Blog at

Up ↑

%d bloggers like this: