From the access logs in Azure somebody in Nigeia logged in and approved MFA notification that was sent to the app.
Is there a way to see -which- device received and approved the MFA notification? Did they user click on something that popped up without paying attention or did somebody else compromise it somehow?
Office365 Shell WCSS-Client Success
First factor requirement satisfied by claim in the token Primary authentication
MFA requirement satisfied by claim in the token User
Password Password Hash Sync true Multi-factor authentication
Mobile app notification true MFA completed in Azure AD