Hey everyone! I've been facing some frustrating issues with suspicious authentication attempts targeting some of our users in Office 365. We have Multi-Factor Authentication (MFA) and conditional access set up so that only devices joined to Intune can log in, but weirdly, these attempts are still managing to lock user accounts. It appears that the authentication attempts are being allowed before the conditional access rules kick in. I'm reaching out to see if anyone has found effective ways to block these types of attempts before they lead to account lockouts. Thanks in advance!
1 Answer
It sounds like you're dealing with a frustrating situation. First, make sure to check your setup in the Entra admin center; go to Conditional Access and run the troubleshooting diagnostic. That can give you insights into what's happening during the login process. Without knowing more about your specific setup, that would be my starting point.
Thanks for the tip! Here's what I see for account lockouts: they're coming from generic failed credential attempts. I’m more concerned about blocking these failed attempts as users are being locked out multiple times a day.