Azure AD : Manage user authentication – Smart lockout feature / settings – study material for – Exam MS-500: Microsoft 365 Security Administration

Hi All,
Greetings for the day!!! LIFE IS BEAUTIFUL 🙂
Continue exploring security concept on Knowledge Junction
Today we will discuss concept – Smart lockout
What is Smart lockout
- Smart lockout helps lock out bad actors / users who try to guess our users’ passwords or use brute-force methods to get in
- Smart lockout recognizes sign-ins that come from valid users and treats them differently from those of attackers and other unknown sources
- Attackers get locked out
How smart lockout works
- By default, smart lockout locks the account from sign-in attempts for one minute after 10 failed attempts
- The account locks again after each subsequent failed sign-in attempt, for one minute at first and then longer in subsequent attempts
- Smart lockout tracks the last three bad-password hashes to avoid incrementing the lockout counter for the same password.
- We can edit the smart lockout settings from Azure AD
- Smart lockout is always on, for all Azure AD users
Licenses required to update the settings for smart lockouts in Azure AD
- Azure AD Premium P1 or higher licenses for users.
Limitation
- Using smart lockout doesn’t guarantee that a genuine user is never locked out
Updating smart lockout values in Azure AD
- Navigate to the Azure AD admin center. We have a detailed article on navigating to the Azure AD admin center – Azure Active Directory admin center – navigating to Azure Active Directory admin center
- Now when we navigate to the “Azure AD admin center” from the “Microsoft 365 admin center” we are redirected to the “Microsoft Entra admin center”, with the “Azure Active Directory” menu expanded in the left pane as

- From the “Azure Active Directory” blade, expand the “Protect & secure” blade / menu as

- On clicking “Authentication methods” we are taken to the “Authentication methods” blade as

- We have two settings under “Custom smart lockout”
- Lockout threshold : How many failed sign-ins are allowed on an account before its first lockout. If the first sign-in after a lockout also fails, the account locks out again
- Lockout duration in seconds : The minimum length in seconds of each lockout. If an account locks repeatedly, this duration increases.
- When the smart lockout threshold is reached, the account gets locked and the following message appears
Your account is temporarily locked to prevent unauthorized use. Try again later, and if you still have trouble, contact your admin.
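To make the behaviour described above (the threshold, the lockout duration, the re-locking on each later failure, and the last-three-bad-password-hash rule) concrete, here is an added simulation; it is my own illustrative model, not Microsoft code, and the doubling of each later lockout is an assumption, since the post only says the duration grows.

```python
import hashlib
from collections import deque


class SmartLockoutModel:
    """Simplified model of the smart lockout behaviour described in this post.

    threshold    = "Lockout threshold" (failed sign-ins before the first lockout)
    base_seconds = "Lockout duration in seconds" (minimum length of each lockout)
    ASSUMPTION: each later lockout is twice as long as the previous one; the post
    only says the duration grows, not by how much.
    """

    def __init__(self, threshold=10, base_seconds=60):
        self.threshold = threshold
        self.base_seconds = base_seconds
        self.failures = 0                   # failed attempts since the last success
        self.lockouts = 0                   # lockouts since the last success
        self.locked_until = 0               # time (seconds) the current lockout ends
        self.recent_bad = deque(maxlen=3)   # hashes of the last three bad passwords

    def attempt(self, password, correct_password, now):
        """Return (status, lock_seconds); lock_seconds is 0 unless a new lockout starts."""
        if now < self.locked_until:
            return ("locked", 0)            # still inside a lockout window
        if password == correct_password:
            self.failures = self.lockouts = self.locked_until = 0
            self.recent_bad.clear()
            return ("success", 0)
        digest = hashlib.sha256(password.encode()).hexdigest()
        if digest in self.recent_bad:
            return ("failed_repeat", 0)     # same bad password again: counter not incremented
        self.recent_bad.append(digest)
        self.failures += 1
        # first lockout at the threshold; after that every further failure locks again
        if self.lockouts > 0 or self.failures >= self.threshold:
            seconds = self.base_seconds * (2 ** self.lockouts)   # assumed doubling
            self.lockouts += 1
            self.locked_until = now + seconds
            return ("locked_out", seconds)
        return ("failed", 0)


def default_scenario():
    """Ten distinct wrong guesses at t=0..9, one more during the lockout, one after it."""
    m = SmartLockoutModel()                 # defaults from the post: 10 attempts, 60 s
    results = [m.attempt(f"guess{i}", "CorrectHorse!", now=i) for i in range(10)]
    results.append(m.attempt("guess10", "CorrectHorse!", now=10))   # still locked
    results.append(m.attempt("guess11", "CorrectHorse!", now=100))  # window expired
    return results
```

Running `default_scenario()` shows nine plain failures, a 60-second lockout on the tenth, a rejected attempt inside the window, and a longer lockout on the next failure after it; a repeated bad password does not move the counter.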
REFERENCES
- Navigate to Azure AD admin center – Azure Active Directory admin center – navigating to Azure Active Directory admin center
Thanks for reading !!! If its worth at least reading once, kindly please like and share !! SHARING IS CARING 🙂
Enjoy the beautiful life !!! Have a FUN !!! HAVE A SAFE LIFE !!! TAKE CARE 🙂