It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Login Sign Up Contact & Support

United States – English (GMT-5)

Email Protection

Total Email Protection

Email Gateway Defense (Email Security)

Impersonation Protection (Sentinel)

Cloud Archiving Service

Security Awareness Training (PhishLine)

Managed Security Awareness Training (Managed Phishline)

Email Security Gateway

Domain Fraud Protection

Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Load Balancer ADC

Vulnerability Manager

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

CloudGen Firewall

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Web Security Agent

Firewall Policy Manager

Intronis Backup (ECHOplatform)

Cloud-to-Cloud Backup

RMM (Managed Workplace)

Site Security Scanner

Server Backup (Yosemite)

Campus Help Center / Reference

Onboarding Portal

Network Security

Support Services

Barracuda XDR

Overview Documentation Materials

Email Protection

Total Email Protection

Email Gateway Defense (Email Security)

Impersonation Protection (Sentinel)

Cloud Archiving Service

Security Awareness Training (PhishLine)

Managed Security Awareness Training (Managed Phishline)

Email Security Gateway

Domain Fraud Protection

Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Load Balancer ADC

Vulnerability Manager

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

CloudGen Firewall

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Web Security Agent

Firewall Policy Manager

Intronis Backup (ECHOplatform)

Cloud-to-Cloud Backup

RMM (Managed Workplace)

Site Security Scanner

Server Backup (Yosemite)

Campus Help Center / Reference

Onboarding Portal

Network Security

Support Services

Login Sign Up Contact & Support

United States – English (GMT-5)

Simulating Cloud Security Threats - Impossible Travel

Last updated on 2025-04-17 14:46:39

Rule

Microsoft 365 Impossible Travel

Purpose

The impossible travel detection identifies two user activities (in a single or multiple sessions) originating from geographically distant locations within a period shorter than the time it would have taken the user to travel from the first location to the second, indicating that an unauthorized actor is accessing the same account. This is a key indicator that an account has been compromised.

Objective

Detect impossible travel between two geolocations within a short period of time.

Test Workflow

Impossible travel workflow.png

How to test

Choose a VPN Tool such as ExpressVPN, NordVPN, etc. Download and install the VPN client on your device.
In a VPN tool (such as ExpressVPN or NordVPN), connect to a VPN server from a foreign location.
Once connected, login to your Microsoft 365 account. After successfully authenticating, log out of your Microsoft account.
Disconnect the VPN, and immediately login to your Microsoft 365 account from your current location.
A Barracuda XDR alert triggers from the SOC, describing this impossible travel scenario. You can view the alert from the Barracuda XDR Security Dashboard.
We request that you reply to the security alert stating that the reported activity was associated with authorized security testing.
The SOC team closes the incident, marking the conclusion of this threat simulation test.