
Summary
This detection rule surfaces risky sign-in attempts in Microsoft 365 environments that fall under the 'impossible travel' scenario: a user appears to sign in from geographically distant locations within a window too short for the journey to be physically possible, which is a common indicator that a second party is using the user's credentials or session tokens alongside the legitimate user. The rule does not compute travel plausibility itself. Microsoft Cloud App Security (now Microsoft Defender for Cloud Apps) raises the anomaly, and the rule matches the resulting event when it is sourced from the Security & Compliance Center, its event name identifies it as impossible travel activity, and its status is 'success'; the alert is therefore only as good as the upstream anomaly detection and its IP geolocation. Legitimate causes exist (corporate VPN egress points, cloud proxies, mobile carrier address pools, and users who genuinely travel), so the false positive rate will vary between tenants, and the rule is assigned a medium severity level. Matches should be triaged against the user's known sign-in locations and, where confirmed, handled as possible account compromise.
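The following is an added example and is not part of the original rule or of this page: a Python reimplementation of the rule's selection logic, run over a handful of constructed JSON-lines audit records so the match and near-miss cases are visible. The field names (eventSource, eventName, status, userId, creationTime) and the event-name string are assumed from the SigmaHQ rule and the Microsoft 365 audit schema rather than stated on this page, and the sample records are fabricated for illustration.

```python
import json
from typing import Dict, Iterable, List, Optional

# Selection reproduced from the rule as an assumption about its field names and
# values: every field must match for the event to fire. Sigma string matching is
# case-insensitive, so the expected values are stored lower-cased.
SELECTION = {
    "eventSource": "securitycompliancecenter",
    "eventName": "impossible travel activity",
    "status": "success",
}


def matches_selection(event: Dict) -> bool:
    """True when every selection field is present and equal (case-insensitively)."""
    for field, expected in SELECTION.items():
        value = event.get(field)
        if not isinstance(value, str) or value.lower() != expected:
            return False
    return True


def detect(lines: Iterable[str]) -> List[Dict[str, Optional[str]]]:
    """Apply the rule to JSON-lines audit records and return triage summaries of the hits."""
    hits = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            # A malformed or truncated record must not stop the pipeline; skip it.
            continue
        if matches_selection(event):
            hits.append({
                "user": event.get("userId"),
                "time": event.get("creationTime"),
                "event": event.get("eventName"),
            })
    return hits


# Constructed sample records (not real telemetry). Only records 1 and 4 should match:
# record 2 is a different anomaly policy, record 3 comes from another workload,
# record 5 has the wrong status, and record 6 is truncated and must be skipped.
SAMPLE_LOG = """
{"creationTime": "2024-03-01T08:02:11", "eventSource": "SecurityComplianceCenter", "eventName": "Impossible travel activity", "status": "success", "userId": "alice@example.com"}
{"creationTime": "2024-03-01T08:05:40", "eventSource": "SecurityComplianceCenter", "eventName": "Activity from infrequent country", "status": "success", "userId": "bob@example.com"}
{"creationTime": "2024-03-01T08:06:02", "eventSource": "Exchange", "eventName": "Impossible travel activity", "status": "success", "userId": "carol@example.com"}
{"creationTime": "2024-03-01T08:09:55", "eventSource": "securitycompliancecenter", "eventName": "IMPOSSIBLE TRAVEL ACTIVITY", "status": "Success", "userId": "dave@example.com"}
{"creationTime": "2024-03-01T08:12:30", "eventSource": "SecurityComplianceCenter", "eventName": "Impossible travel activity", "status": "failure", "userId": "erin@example.com"}
{"creationTime": "2024-03-01T08:14:00", "eventSource": "SecurityComplianceCenter", "eventName": "Impossible tr
"""


def run_sample() -> List[Dict[str, Optional[str]]]:
    """Run the rule over the constructed log; returns the two expected hits."""
    return detect(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for hit in run_sample():
        print(hit)
```

The case-insensitive comparison matters in practice: a SIEM backend that compiles the rule into a case-sensitive equality check would miss record 4, so the converted query should be checked against samples with varied casing before the rule goes live.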
Categories
- Cloud
- Identity Management
Data Sources
- User Account
- Cloud Service
Created: 2020-07-06