al4629740

Failed attempts to login in Office 365 tenant

I am noticing in my Office 365 tenant that there are numerous "failed login attempts" on almost all the users in the company.  Why does this typically happen and what should I do to protect the company?  I'm wondering if it's a bot trying to attempt a hack.

FYI, the main admin account is MFA so that is secure.  Should I consider putting a limit on attempts to log in?  If so, how do I do that and will that prevent users from logging in that currently have access?
Tags: Microsoft Office, Microsoft 365, Azure

Last Comment: Vasil Michev (MVP), 8/22/2022 - Mon
Kundan Gupta

I would suggest applying Conditional Access policies by restricting those IP addresses if it's coming from a specific region.

This happens when someone uses a password spray attack.
al4629740

ASKER
How would I know what region it is coming from?
Kundan Gupta

Browse to portal.azure.com > Azure Active Directory > Sign-in

Download reports and filter for Failure status and see the Source.

https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-sign-ins
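
The filtering step described above, as an added example that is not part of the original post: it reads a sign-in CSV export, keeps rows with Failure status, and groups them by source IP and location, marking sources that failed against several distinct users (the password spray pattern). The column names, the `min_users` threshold and the sample rows are assumptions; match them to the header of your own export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows (documentation IP ranges, made-up users).
# Column names are ASSUMED to match the portal's CSV export header.
SAMPLE_CSV = """\
Date (UTC),Username,IP address,Location,Status,Failure reason
2022-08-22T09:00:01Z,alice@contoso.example,203.0.113.7,"Cityville, ZZ",Failure,Invalid username or password
2022-08-22T09:00:03Z,bob@contoso.example,203.0.113.7,"Cityville, ZZ",Failure,Invalid username or password
2022-08-22T09:00:05Z,carol@contoso.example,203.0.113.7,"Cityville, ZZ",Failure,Invalid username or password
2022-08-22T09:00:07Z,dave@contoso.example,203.0.113.7,"Cityville, ZZ",Failure,Invalid username or password
2022-08-22T09:12:40Z,alice@contoso.example,198.51.100.20,"Hometown, US",Failure,Invalid username or password
2022-08-22T09:12:55Z,alice@contoso.example,198.51.100.20,"Hometown, US",Failure,Invalid username or password
2022-08-22T09:13:10Z,alice@contoso.example,198.51.100.20,"Hometown, US",Success,
2022-08-22T09:30:00Z,bob@contoso.example,192.0.2.55,"Hometown, US",Success,
"""

def summarize_failures(csv_text, min_users=3):
    """Group failed sign-ins by source IP and flag likely password spray.

    One source failing against many different accounts looks like a spray;
    one source failing repeatedly against a single account is more often
    a user mistyping a password. min_users is an assumed threshold.
    """
    by_ip = defaultdict(lambda: {"location": "", "users": set(), "failures": 0})
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Status"].strip().lower() != "failure":
            continue  # keep only rows with Failure status
        entry = by_ip[row["IP address"].strip()]
        entry["location"] = row["Location"].strip()
        entry["users"].add(row["Username"].strip().lower())
        entry["failures"] += 1
    report = [
        {"ip": ip, "location": e["location"], "failures": e["failures"],
         "distinct_users": len(e["users"]),
         "spray_suspect": len(e["users"]) >= min_users}
        for ip, e in by_ip.items()
    ]
    # Sources that touched the most accounts come first.
    return sorted(report, key=lambda r: (-r["distinct_users"], -r["failures"], r["ip"]))

if __name__ == "__main__":
    for r in summarize_failures(SAMPLE_CSV):
        print(r)
```

The `location` values of the flagged sources answer the "what region" question and give the list of candidates for a Conditional Access location rule.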
David Favor

Easy fix, use one of the several Windows ports of Fail2Ban, such as https://github.com/glasnt/wail2ban or any other.

Fail2Ban works adaptively, on automatic, with no human intervention.

Just set up a rule to scan a log, then for any IP generating 3x bad logins over an hour or day or whatever time you like, block the IP for a day.
ASKER CERTIFIED SOLUTION
Vasil Michev (MVP)
