Forum Discussion

Huw_W1's avatar
Huw_W1
Copper Contributor
Feb 28, 2020
Solved

Detect compromised passwords

After looking in the Sign-in view and seeing all the login attempts trying to guess passwords we implemented MFA, so feel a little more secure! However we still get phishing emails and users will be ...
Access Management
microsoft 365
  • Kelvin Papp's avatar
    Kelvin Papp
    Mar 02, 2020

    Huw_W1,

     

    You'll see a failure reason of "other" in the sign-in logs, as opposed to "invalid username or password":

     

    or...

     

     

    The sign-in error code is also key - 500121 above relates to a failed strong authentication in the context of "other":

     

     

    Regards,

     

    Kelvin

Tim67's avatar
Tim67
Brass Contributor
Feb 29, 2020

Huw_W1 you have quite a few options. 

 

https://docs.microsoft.com/en-us/cloud-app-security/getting-started-with-cloud-app-security

https://docs.microsoft.com/en-us/cloud-app-security/getting-started-with-cloud-app-security 

from there you will be able to automate rules and receive notifications via email

 

Azure AD Sentinel

https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-risky-sign-ins

more difficult and you have to learn how to use this tool

 

O365 ATP with E5 licence

https://docs.microsoft.com/en-us/microsoft-365/compliance/alert-policies?view=o365-worldwide

A very informative place to start looking if you have E5 license in addition with E5 you can also configure "safe links" 

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-atp-safe-links-policies?view=o365-worldwide

 

and of course third party tool like Mimecast 🙂 

 

Regards _tim

 

Resources