Forum Discussion
Failed Logins with Cloud App Security - Locked account
MicrosoftSergioT1228 Hi, one way you'd be able to see this is under the investigate blade > users and accounts > filter on the status=Suspended. Does that help?
- Sarahzin_Shane
In addition to Caroline’s response, wanted to confirm that when you’re using Active Directory, that’s showing the alerts coming through Azure ATP as Azure ATP alerts are filtered using the application filter to Active Directory. You’re trying to find Azure ATP detected logins?
Thank you both for your reply.
Our ultimate goal is to replace our current 3rd party tool with CASB to secure our user Identity concerns.
We are trying to get a weekly report for Failed Logons and locked accounts. As ATP is setup on all our DC's, we are looking for Failed logon from AD as well as local accounts on workgroup servers if possible. As I look through the report, it would be great to see the username that was utilized along with the reason it failed. it appears sometimes it has an account name but not always the username. I'm working with Advanced Hunting to see if there is anything there I can use to help supplement our reporting needs.
My current action items from our team:
Schedule weekly report - Failed logon attempts
Schedule weekly report - Locked accounts for the week
Again, Thank you for your time.
Cheers,
