Multifactor Authentication Interrupted

Sigma Rules

Summary
The rule 'Multifactor Authentication Interrupted' detects sign-in attempts in which a user is prompted for multifactor authentication (MFA) but does not complete it. This pattern can indicate that an attacker holds the account's password but cannot satisfy the MFA challenge. The detection matches on specific ResultType values in Azure sign-in logs and covers two conditions: strong authentication was required (ResultType 50074), and authentication failed during a strong authentication request (ResultType 500121). The rule is oriented toward tracking initial-access and credential-access attempts, underscoring the importance of securing user accounts against unauthorized access.
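The following is an added example, not the rule's own source or any project code, that evaluates the two conditions described above against a handful of constructed Azure sign-in events and then counts hits per account. The ResultType values 50074 and 500121 come from the summary; the ResultDescription substrings, the field names (UserPrincipalName, IPAddress, TimeGenerated) and every event below are assumptions and constructed sample data, not real logs.

```python
"""Evaluate the 'Multifactor Authentication Interrupted' conditions over Azure sign-in events."""
from collections import Counter
from typing import Iterable

# Selections modelled on the two conditions the summary describes. The ResultType
# values come from the rule; the ResultDescription substrings are assumptions added
# here to mirror how Azure labels those codes, and the condition between the two
# selections is an OR.
SELECTIONS = {
    "strong_auth_required": {
        "ResultType": 50074,
        "ResultDescription|contains": "Strong Auth required",
    },
    "strong_auth_failed": {
        "ResultType": 500121,
        "ResultDescription|contains": "Authentication failed during strong authentication request",
    },
}


def _field_matches(event: dict, key: str, expected) -> bool:
    """Evaluate one Sigma-style field test: exact match, or case-insensitive '|contains'."""
    if "|contains" in key:
        field = key.split("|", 1)[0]
        value = event.get(field)
        return isinstance(value, str) and expected.lower() in value.lower()
    # ResultType is exported as a string by some pipelines and as an int by others.
    return str(event.get(key)) == str(expected)


def matching_selections(event: dict) -> list[str]:
    """Return the names of the selections this event satisfies (empty list = no hit)."""
    return [
        name
        for name, fields in SELECTIONS.items()
        if all(_field_matches(event, k, v) for k, v in fields.items())
    ]


def mfa_interrupted(events: Iterable[dict]) -> list[dict]:
    """Events that trigger the rule, each annotated with the selection(s) that fired."""
    hits = []
    for ev in events:
        fired = matching_selections(ev)
        if fired:
            hits.append({**ev, "matched": fired})
    return hits


def interruptions_per_user(events: Iterable[dict]) -> Counter:
    """Count rule hits per account. Repeated hits for one account, especially from
    one source address, are the pattern worth triaging first: the password is known
    to the caller but the MFA challenge is never passed."""
    return Counter(h["UserPrincipalName"] for h in mfa_interrupted(events))


# Constructed sample events in the shape of Azure AD SigninLogs (not real data).
SAMPLE_EVENTS = [
    {"TimeGenerated": "2021-10-10T08:01:00Z", "UserPrincipalName": "alice@example.test",
     "IPAddress": "203.0.113.10", "ResultType": 50074,
     "ResultDescription": "Strong Auth required"},
    {"TimeGenerated": "2021-10-10T08:01:30Z", "UserPrincipalName": "alice@example.test",
     "IPAddress": "203.0.113.10", "ResultType": 0, "ResultDescription": ""},
    {"TimeGenerated": "2021-10-10T08:05:00Z", "UserPrincipalName": "bob@example.test",
     "IPAddress": "198.51.100.7", "ResultType": 500121,
     "ResultDescription": "Authentication failed during strong authentication request."},
    {"TimeGenerated": "2021-10-10T08:06:00Z", "UserPrincipalName": "bob@example.test",
     "IPAddress": "198.51.100.7", "ResultType": 500121,
     "ResultDescription": "Authentication failed during strong authentication request."},
    {"TimeGenerated": "2021-10-10T08:07:00Z", "UserPrincipalName": "bob@example.test",
     "IPAddress": "198.51.100.7", "ResultType": 50126,
     "ResultDescription": "Invalid username or password"},
]

if __name__ == "__main__":
    for hit in mfa_interrupted(SAMPLE_EVENTS):
        print(hit["TimeGenerated"], hit["UserPrincipalName"], hit["ResultType"], hit["matched"])
    print(dict(interruptions_per_user(SAMPLE_EVENTS)))
```

In the sample, alice's 50074 event is immediately followed by a successful sign-in (ResultType 0), which is what an ordinary MFA prompt looks like, so the rule fires on it once; bob's two 500121 events with no subsequent success are the case the rule is written for. Because 50074 is logged for every legitimate MFA prompt, the per-account count (or a correlation against the following successful sign-in) is what separates routine prompts from an account under attack.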
Categories
  • Cloud
  • Identity Management
Data Sources
  • User Account
  • Logon Session
Created: 2021-10-10