I am noticing in my Office 365 tenant that there are numerous "failed login attempts" on almost all the users in the company? Why does this typically happen and what should I do to protect the company? I'm wondering if its a bot trying to attempt a hack.
FYI, the main admin account is MFA so that is secure. Should I consider putting a limit on attempts to login? If so, how do I do that and will that prevent users from logging that currently have access?
Microsoft OfficeMicrosoft 365Azure
Last Comment
Vasil Michev (MVP)
8/22/2022 - Mon
Kundan Gupta
I would suggest applying Conditional access policies by restricting those IP addresses if its coming form a specific region.
This happens when someone use password spray attack.
al4629740
ASKER
How would I know what region is coming from
Kundan Gupta
Browse to portal.azure.com > Azure Active Directory > Singn-in
Download reports and filter for Failure status and see the Source.
This happens when someone use password spray attack.