Account lockouts happening in our ADFS environment

    Question

  • We have an ADFS farm consisting of 2 ADFS servers and 2 WAP servers. We are using SSO for Office 365 and other federated apps. Of late, we have noticed frequent account lockouts happening, and the source shows as the ADFS servers. Checked for the public IPs in the events and most of them are from Microsoft Azure. Now, we have also enabled the Extranet feature. Can somebody please tell me how to avoid these lockouts?
    Saturday, April 15, 2017 10:26 AM

All replies

  • Hi Vishu53

    We had a similar issue: we saw the lockouts on our ADFS servers, but the source IPs were from the internet.

    We contacted MS and they blocked those IPs at our tenant level. Apparently this seems to be a new variant of brute force attack, and even though we had the extranet lockout feature enabled, on-prem accounts were still being locked out.

    After MS blocked those IPs, which took about a week (MS needs to improve their customer response), we haven't seen the issue resurface.

    Saturday, April 15, 2017 11:02 AM
  • Thanks Darren. Will check with MS for sure.
    Saturday, April 15, 2017 11:29 AM
  • Hi,

    It looks like the query is more related to ADFS; it is better for you to visit the dedicated ADFS support forum.

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=ADFS&filter=alltypes&sort=lastpostdesc

    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.

    Thanks for your understanding.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, April 17, 2017 7:45 AM
    Moderator
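
Added example (not part of the original thread): the extranet lockout feature mentioned above shields on-premises accounts only when AD FS stops forwarding bad passwords before Active Directory's own lockout policy triggers, so Microsoft's guidance is to keep the AD FS threshold below the AD threshold and the AD FS observation window longer than the AD one. This PowerShell check compares the two; it assumes it is run on an AD FS server with the ADFS and ActiveDirectory modules installed and that only the default domain password policy applies (fine-grained policies are not inspected).

```powershell
# Added example: compare AD FS extranet lockout settings with the AD domain lockout policy.
# Assumption: run elevated on an AD FS server; RSAT ActiveDirectory module is installed.
Import-Module ADFS, ActiveDirectory

$adfs = Get-AdfsProperties              # farm-wide AD FS settings
$ad   = Get-ADDefaultDomainPasswordPolicy   # default domain policy only, no fine-grained policies

$findings = @()

if (-not $adfs.ExtranetLockoutEnabled) {
    $findings += 'Extranet lockout is disabled: every bad password from the WAP reaches AD.'
}

if ($ad.LockoutThreshold -eq 0) {
    # A threshold of 0 means AD never locks accounts, so there is nothing to compare against.
    $findings += 'AD account lockout is disabled (LockoutThreshold = 0).'
}
else {
    if ($adfs.ExtranetLockoutThreshold -ge $ad.LockoutThreshold) {
        $findings += "ExtranetLockoutThreshold ($($adfs.ExtranetLockoutThreshold)) is not below " +
                     "AD LockoutThreshold ($($ad.LockoutThreshold)): AD locks the account first."
    }
    if ($adfs.ExtranetObservationWindow -le $ad.LockoutObservationWindow) {
        $findings += "ExtranetObservationWindow ($($adfs.ExtranetObservationWindow)) is not longer than " +
                     "AD LockoutObservationWindow ($($ad.LockoutObservationWindow))."
    }
}

# Show both sets of values side by side, then the verdict.
[pscustomobject]@{
    ExtranetLockoutEnabled     = $adfs.ExtranetLockoutEnabled
    ExtranetLockoutThreshold   = $adfs.ExtranetLockoutThreshold
    ExtranetObservationWindow  = $adfs.ExtranetObservationWindow
    ADLockoutThreshold         = $ad.LockoutThreshold
    ADLockoutObservationWindow = $ad.LockoutObservationWindow
} | Format-List

if ($findings.Count -eq 0) {
    'OK: AD FS should stop extranet attempts before AD locks the account.'
}
else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```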