I've been noticing a huge number of sign-in attempts on my Microsoft accounts, coming from all over the place—different states and even countries. These attempts happen in quick bursts, like 9 login tries in just a minute, and then there's silence for about 24 hours. It's clear there's some kind of bot activity going on, but it's frustrating since I thought 2FA would keep them at bay. The accounts seem fine from the user's side, but I've implemented a conditional rule to only allow sign-ins from US IPs, and that hasn't helped at all. I sent a support ticket to Microsoft but haven't heard back yet. How are others handling this? Any effective strategies out there?
4 Answers
Make sure you've disabled legacy authentication at least, or at minimum, restricted it to internal networks. That can cut down a lot on these unsolicited attempts.
In our case, we had to enable country blocking and limit access just to the USA. We also started sending out reminders for users who travel outside the country, because it can definitely get complicated when they try to log in from abroad.
Honestly, I wouldn’t stress too much about it since our Conditional Access measures block most of those attempts. It's better to focus on strengthening your overall security. 2FA helps, but it’s not foolproof—some people still fall for phishing scams. Consider using passkeys and ensuring device compliance as an extra layer.
One of the simplest solutions might be to set up Conditional Access policies. They can help you manage who can sign in based on location and various other factors. It might require some tweaking at first, but it’s worth a shot!
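The burst pattern described in the question (about 9 tries in a minute, then quiet) can be picked out of an exported sign-in log to see which accounts are targeted and whether legacy clients are involved. This is an added example, not code from anyone in the thread; the records are constructed, and the field names (assumed to follow the Microsoft Graph signIn resource), the threshold of 5 failures per 60 seconds and the modern-client list are assumptions to adjust.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: clients other than these two are treated as legacy authentication.
MODERN_CLIENTS = {"Browser", "Mobile Apps and Desktop clients"}

def _rec(ts, upn, ip, country, app, code):
    return {"createdDateTime": ts, "userPrincipalName": upn, "ipAddress": ip,
            "location": {"countryOrRegion": country}, "clientAppUsed": app,
            "status": {"errorCode": code}}

# Constructed sample data: 9 failures in under a minute, one success, one stray failure.
SAMPLE = [_rec(f"2024-05-01T03:10:{5 * i:02d}Z", "alice@example.com",
               f"198.51.100.{i + 1}", ["BR", "VN", "US"][i % 3],
               "IMAP4" if i % 2 else "Browser", 50126) for i in range(9)]
SAMPLE += [_rec("2024-05-01T09:00:00Z", "alice@example.com", "203.0.113.5", "US", "Browser", 0),
           _rec("2024-05-01T11:30:00Z", "bob@example.com", "203.0.113.9", "US", "Browser", 50126)]

def find_bursts(records, window=timedelta(seconds=60), threshold=5):
    """Return one summary per account burst: >= threshold failures inside `window`."""
    failures = defaultdict(list)
    for r in records:
        if r["status"]["errorCode"] != 0:  # 0 means the sign-in succeeded
            ts = datetime.strptime(r["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ")
            failures[r["userPrincipalName"]].append((ts, r))
    bursts = []
    for upn, events in failures.items():
        events.sort(key=lambda e: e[0])
        start = 0
        while start < len(events):
            end = start  # extend the window anchored at events[start]
            while end + 1 < len(events) and events[end + 1][0] - events[start][0] <= window:
                end += 1
            group = [r for _, r in events[start:end + 1]]
            if len(group) >= threshold:
                bursts.append({
                    "user": upn, "first_seen": events[start][0], "attempts": len(group),
                    "countries": sorted({g["location"]["countryOrRegion"] for g in group}),
                    "legacy_attempts": sum(g["clientAppUsed"] not in MODERN_CLIENTS for g in group),
                })
                start = end + 1  # skip past the burst just reported
            else:
                start += 1
    return bursts

if __name__ == "__main__":
    for b in find_bursts(SAMPLE):
        print(b)
```

A non-zero `legacy_attempts` count suggests legacy authentication is still reachable for that account, which is the first thing the answers above recommend closing off.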