Forum Discussion
Azure ATP Service Account getting locked out
EliOfek thanks for the idea. I tried it, and it didn't work. I created a brand new account, put it in the portal, and a few hours later the new account locked out. I will also note that the old account, which is no longer associated with the ATP console, did NOT lock out.
Is there a way to figure out which Azure ATP agent install is the cause?
Thank you,
Robert
Robren, well, that eliminates any 3rd party action here...
First time I see this kind of outcome.
Are you aware of any special / non standard lockout policy in the forest?
It's weird, because if this is the only credentials you provided to AATP and did not put them anywhere else, then the sensor used them without problems if you see them all running.
If the password would fail, the sensor would not be able to start...
So I am guessing it is getting locked out because of a specific action it does (which is not a wrong password).
Can you share your workspace id (in text format) in a private message? I will try to see if I can find any clues in telemetry from this deployment.
My best suggestion at this point is to check for any special lockout policy besides failed logon attempts.
Also - if you search the new account in AATP portal and go to its logical activities page, do you see any alerts on this account? Any significant logical activities that look odd (besides the lockout which should also appear there)?
Just to make sure - once the account is locked out - the sensors fail, correct?
- Robren, Oct 03, 2019, Copper Contributor
EliOfek if I leave the account locked out, the sensors will all start to fail over time, yes.
I will try and find the info you requested.
Thank you
- Robren, Oct 03, 2019, Copper Contributor
Eli, thanks for your help. I am just going to open a case in Azure portal.
If they figure it out, I'll post back here.
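
Added example, not part of the original thread and not Microsoft's own tooling: one way to approach the two open questions above (which machine triggers the lockout, and whether a non-default lockout policy applies) is to read the lockout events (ID 4740) from the PDC emulator and the account's effective policy. The account name `svc-aatp-placeholder` and the 24-hour window are assumptions; it requires the ActiveDirectory module and rights to read the Security log on the domain controller.

```powershell
# Added example: $Account is a placeholder, not a value from the thread.
param(
    [string]$Account   = 'svc-aatp-placeholder',
    [int]   $HoursBack = 24
)
Import-Module ActiveDirectory

# Account lockouts are processed by the PDC emulator, so its Security log
# is the one place that records event 4740 for lockouts in the domain.
$pdc = (Get-ADDomain).PDCEmulator

$filter = @{
    LogName   = 'Security'
    Id        = 4740
    StartTime = (Get-Date).AddHours(-$HoursBack)
}
$events = Get-WinEvent -ComputerName $pdc -FilterHashtable $filter -ErrorAction SilentlyContinue

$lockouts = foreach ($e in $events) {
    # Read EventData fields by name instead of relying on property order.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    if ($data['TargetUserName'] -eq $Account) {
        [pscustomobject]@{
            Time           = $e.TimeCreated
            Account        = $data['TargetUserName']
            # In event 4740 the TargetDomainName field holds the caller computer name.
            CallerComputer = $data['TargetDomainName']
        }
    }
}

# Which machines the lockouts were attributed to, most frequent first.
$lockouts | Group-Object CallerComputer | Sort-Object Count -Descending |
    Select-Object Count, Name

# Lockout policy in effect: the domain default, then any fine-grained
# policy that resolves for this account (no output means none applies).
Get-ADDefaultDomainPasswordPolicy |
    Select-Object LockoutThreshold, LockoutObservationWindow, LockoutDuration
Get-ADUserResultantPasswordPolicy -Identity $Account |
    Select-Object Name, LockoutThreshold, LockoutObservationWindow, LockoutDuration

# Current state of the account itself.
Get-ADUser -Identity $Account -Properties LockedOut, BadLogonCount, LastBadPasswordAttempt |
    Select-Object SamAccountName, LockedOut, BadLogonCount, LastBadPasswordAttempt
```

The caller computer field can be empty for some lockouts; in that case the failed-logon events on the domain controllers around the same timestamps are the next place to look.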