We've been experiencing a lot of account lockouts recently, likely due to automated attempts connecting to our VPN and Outlook Web Access (OWA). Despite having multi-factor authentication (MFA) in place, these lockouts are becoming a hassle for users. Is there a way to address this issue effectively?
4 Answers
Check if you have a web portal running for your VPN—sometimes issues arise with setups like Cisco ASAs where the portal wasn't turned off when it wasn't needed. This might be why you're seeing lockouts.
It sounds like your system is doing its job. If the lockouts are caused by unauthorized attempts, that’s a good sign. However, if legitimate users are getting locked out frequently, you may want to increase the lockout threshold in Active Directory. Just keep in mind that Azure AD has a default of 10 failed attempts. If your local AD is set lower, it could cause unnecessary lockouts with passthrough authentication.
One way to tackle this problem is to block access to your VPN and OWA from the internet altogether. Lockouts exist to help prevent automated systems from cracking passwords. For OWA and other Entra-protected services, consider switching to passwordless authentication. For the VPN, certificate-based authentication could be a better fit. It’s key to use modern security methods instead of just relying on usernames and passwords that can easily be scripted against.
I’m curious about how you’re determining these are automated attempts and that they target VPN/OWA. What MFA options do you have enabled? If the accounts are being locked, it would suggest that their passwords may be compromised, and they’re only passing the MFA because the lockout is preventing further attempts.
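The last two answers hinge on two questions the thread leaves open: whether a local AD lockout threshold below Azure AD's 10 is what is tripping users, and how to tell automated attempts from user typos. The following is an added example, not code posted in this thread: it replays a constructed CSV export resembling Windows Security event 4625 (failed logon) records through a simplified model of AD's lockout threshold and observation window, and separately flags source IPs that fail against many distinct accounts, the usual shape of password spraying. The log content, account names and IPs are all made up for the example.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export of Windows Security events (not real data).
# Columns mirror a few fields of event 4625 (failed logon) and 4624 (success).
SAMPLE_LOG = """TimeCreated,EventID,TargetUserName,IpAddress
2024-05-01T08:00:00,4625,alice,203.0.113.10
2024-05-01T08:01:00,4625,alice,203.0.113.10
2024-05-01T08:02:00,4625,alice,203.0.113.10
2024-05-01T08:03:00,4625,alice,203.0.113.10
2024-05-01T08:04:00,4625,alice,203.0.113.10
2024-05-01T08:05:00,4625,bob,203.0.113.10
2024-05-01T08:05:00,4625,carol,203.0.113.10
2024-05-01T08:05:00,4625,dave,203.0.113.10
2024-05-01T08:05:00,4625,erin,203.0.113.10
2024-05-01T08:06:00,4625,frank,203.0.113.10
2024-05-01T08:30:00,4624,alice,198.51.100.7
2024-05-01T09:00:00,4625,bob,198.51.100.7
2024-05-01T09:40:00,4625,bob,198.51.100.7
"""


def parse_failed_logons(text):
    """Return (timestamp, account, source_ip) tuples for the 4625 rows only."""
    rows = csv.DictReader(io.StringIO(text))
    return [(r["TimeCreated"], r["TargetUserName"].lower(), r["IpAddress"])
            for r in rows if r["EventID"] == "4625"]


def simulate_lockouts(events, threshold, window_minutes):
    """Replay failed logons against a simplified AD-style lockout policy.

    The bad-password counter for an account resets once more than
    window_minutes have passed since its previous failure; reaching
    threshold locks the account. Returns {account: time_of_lockout}.
    """
    window = timedelta(minutes=window_minutes)
    counters = {}   # account -> (bad_count, time_of_last_failure)
    locked = {}
    for ts, account, _ip in sorted(events):
        t = datetime.fromisoformat(ts)
        if account in locked:
            continue   # already locked out; later failures change nothing here
        count, last = counters.get(account, (0, None))
        if last is not None and t - last > window:
            count = 0  # observation window elapsed: counter starts over
        count += 1
        counters[account] = (count, t)
        if count >= threshold:
            locked[account] = t
    return locked


def spray_sources(events, min_accounts=5):
    """Source IPs that failed against at least min_accounts distinct accounts.

    Many accounts with few attempts each from one source is the signature of
    password spraying rather than a user mistyping their own password.
    """
    accounts_by_ip = defaultdict(set)
    for _ts, account, ip in events:
        accounts_by_ip[ip].add(account)
    return {ip: sorted(a) for ip, a in accounts_by_ip.items()
            if len(a) >= min_accounts}


if __name__ == "__main__":
    failed = parse_failed_logons(SAMPLE_LOG)
    for threshold in (5, 10):
        locked = simulate_lockouts(failed, threshold, window_minutes=30)
        print(f"threshold={threshold}: locked accounts -> {locked}")
    print("suspected spray sources ->", spray_sources(failed))
```

Running it shows the point of the threshold answer directly: with a local threshold of 5, `alice` locks at 08:04 from a single burst, while a threshold of 10 (matching Azure AD's default) locks nobody on the same input; `bob`'s two slow failures from a different address never accumulate because the observation window resets the counter. The spray check is what answers "how do you know it's automated": one source touching six different accounts within a couple of minutes is not a user. In a real environment the same logic runs over an export from the domain controllers' Security log (or from the OWA/VPN front end if it records the client address), since the 4625 events on the DC will otherwise show the caller as the Exchange or VPN server rather than the true source.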