Thank you for the feedback. I also switched the 2FA login to required, and have not seen any of these SID logins since. This happened during the initial rollout, before 2FA was required for everyone.
I know this is old, but I haven’t found the answer to this yet, so I thought I would update the thread. New setup, still bypassing for unknown users. The SIDs match known users in some cases, who have activated phones set up. Not sure why they wou...