SOP-04: Account Compromise & Impossible Travel
Analyst playbook for account compromise and impossible travel alerts. Covers KQL-based travel math, inbox rule and MFA change detection, the full Entra ID containment sequence, OAuth consent grant revocation, and a safe recovery gate.
Rudra Verma, Senior Security Architect & Researcher