c___b
Copper Contributor
Aug 03, 2021

Login failed with Sign-in was blocked because it came from an IP address with malicious activity

Hello, I'm looking for a definitive, authoritative answer to what exactly entails an Azure AD login failed with the message "Sign-in was blocked because it came from an IP address with malicious activity". Error code 50053. On the Authentication Details for the login, the Result Detail is showing "Incorrect password".

I've looked around other posts in the forum, but I found only this answer: https://docs.microsoft.com/en-us/answers/questions/2646/blocked-signed-in-due-to-ip-what-about-password.html

I would like to know if a login as in this case, with

- Basic info showing as Failure reason "Sign-in was blocked because it came from an IP address with malicious activity"

- Authentication details showing as Result detail "Incorrect password"

is a login with a correct password, which was rejected by Azure AD because it came from a known malicious IP, or is a login with a bad password.
I need to know because in the first case the user is compromised, and I need to take action; in the second case the user is not compromised, and this is a standard brute-force attempt I can safely ignore.

7 Replies

  • SandyJiang
    Copper Contributor

    c___b We mention in the following documentation:

    • The IP can be blocked due to malicious activity from the IP address. The IP blocked message does not differentiate whether the credentials were correct or not. If the IP is blocked and correct credentials are not used, it will not generate an Identity Protection detection

    https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/troubleshooting-identity-protection-faq#why-was-my-sign-in-blocked-but-identity-protection-didnt-generate-a-risk-detection

     

    If the correct password was used, the Authentication Details of the Sign In Logs will show "Correct password" and we will generate an Identity Protection risk detection on that sign-in.
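The triage rule described in the reply above, as an added example that is not part of the original thread: for sign-ins blocked with error 50053 and the malicious-IP failure reason, the password step's result detail decides whether the account needs action. The field names are assumed to follow the Microsoft Graph signIn resource, the verdict labels are hypothetical, and the sample records are constructed.

```python
import json

# Constructed sample records (not real log data). Field names are an
# assumption based on the Microsoft Graph signIn resource shape.
SAMPLE_SIGNINS = json.loads("""
[
 {"userPrincipalName": "alice@example.com", "ipAddress": "203.0.113.10",
  "status": {"errorCode": 50053, "failureReason": "Sign-in was blocked because it came from an IP address with malicious activity"},
  "authenticationDetails": [{"authenticationMethod": "Password", "authenticationStepResultDetail": "Incorrect password"}]},
 {"userPrincipalName": "bob@example.com", "ipAddress": "203.0.113.10",
  "status": {"errorCode": 50053, "failureReason": "Sign-in was blocked because it came from an IP address with malicious activity"},
  "authenticationDetails": [{"authenticationMethod": "Password", "authenticationStepResultDetail": "Correct password"}]},
 {"userPrincipalName": "carol@example.com", "ipAddress": "198.51.100.7",
  "status": {"errorCode": 50053, "failureReason": "Sign-in was blocked because it came from an IP address with malicious activity"},
  "authenticationDetails": []},
 {"userPrincipalName": "dave@example.com", "ipAddress": "198.51.100.7",
  "status": {"errorCode": 50126, "failureReason": "Constructed: some other failure"},
  "authenticationDetails": [{"authenticationMethod": "Password", "authenticationStepResultDetail": "Incorrect password"}]}
]
""")

BLOCKED_IP_CODE = 50053
BLOCKED_IP_TEXT = "ip address with malicious activity"

def password_result(signin):
    """Return the result detail of the password step, or None if it is absent."""
    for step in signin.get("authenticationDetails") or []:
        if (step.get("authenticationMethod") or "").lower() == "password":
            return step.get("authenticationStepResultDetail")
    return None

def triage(signin):
    """Classify one sign-in record; labels are hypothetical, not Azure AD output."""
    status = signin.get("status") or {}
    reason = (status.get("failureReason") or "").lower()
    if status.get("errorCode") != BLOCKED_IP_CODE or BLOCKED_IP_TEXT not in reason:
        return "not-applicable"      # not the blocked-IP failure from the thread
    detail = (password_result(signin) or "").strip().lower()
    if detail == "correct password":
        return "investigate"         # valid credentials came from a blocked IP
    if detail == "incorrect password":
        return "bad-password"        # password guess that failed
    return "unknown"                 # no password step recorded: review manually

def triage_all(signins):
    return [(s.get("userPrincipalName"), s.get("ipAddress"), triage(s)) for s in signins]

if __name__ == "__main__":
    for row in triage_all(SAMPLE_SIGNINS):
        print(*row, sep="\t")
```

Records that come back as "unknown" carry no password step, so neither outcome from the reply can be assumed for them.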

    • Asadraza1300
      Copper Contributor
      Please refer to this link for more details:

      https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection
      • c___b
        Copper Contributor
        Thanks, but you didn't answer my question.
    • Asadraza1300
      Copper Contributor
      Hi buddy, just wanted to know if you have configured Azure AD Identity Protection or not. If yes, then for the sign-in risk with a malicious IP you need to change the password for the same, and for the others you can ignore them from the portal itself.
