Office 365 lockout policy


  • As is, Office 365 only locks an account for one minute when 10 failed login attempts happened. Some hackers seemed to use this vulnerability to gain access to some accounts.

    Anyone knows a solution (even for pay) that will add a login policy to a tenant so the Admin can decide to lock accounts after n number of attempts and keep it locked. Only the Admin will be able to unlock or force a password change.

    Any help is welcome.

    Ofer Gal

    Sunday, December 17, 2017 2:57 PM

All replies

  • There are only some limited option to control the Azure AD policy, and changing the lockout behavior is not one of those. You can however implement different solutions to work around this. First, use the Azure MFA service to provide second-factor authentication. You can also use federation or pass-trough authentication to redirect the authentication process to your on-premises AD, making sure that the On-Prem policies apply, and configure whichever settings you deem necessary there.

    Another alternative is to use the Azure AD event logs and setup an alert to trigger upon failed login attempts. Unfortunately you will need the full Cloud App Security suite for that (as in pay for additional licenses), as the built-in alerting functionality is very limited. But if you do get CAS, you can actually trigger a password reset/account lockout automatically upon detecting specific events.

    Sunday, December 17, 2017 6:44 PM