Breached password detection questions

Q1 - Can we get more details about logs throttled to 1 per hour? We went through a few attempts with breached passwords using different accounts in an hour but got only 1 log every hour and didn’t get any more logs of those accounts that we tested after 1 hour. Is this the expected behavior?

That is working as expected. Once you get the event pwd_leak, you will not receive it again after 1 hour, with the purpose of not overwhelming with several logs of this nature.

Q2 - Does the Admin notification contain the total no of breaches?

Yes, the admin notification will include the number of breaches. This doc has the details.

Q3 - Can we get more details about the times for notification frequency (daily, weekly, or monthly)? Will the notifications come during a defined time period?

Around the time of notifications, we do not commit to a certain notification schedule externally. It normally happens around midnight/ early morning UTC.