Forum Discussion

Dan Moran's avatar
Dan Moran
Copper Contributor
Nov 18, 2022

Blocking International Countries

We have a conditional access policy that logs off accounts after 5 failed attempts. We also have an international policy blocking all international countries and IPs. unfortunately, these attempts ...
KernelCaleb's avatar
KernelCaleb
Copper Contributor
Nov 19, 2022

Dan MoranHi Dan. Conditional Access policies apply after first factor authentication, so the actor would need to have provided correct credentials before your Conditional Access policies will apply to the sign-in attempt.

https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-block-legacy

  • Dan Moran's avatar
    Dan Moran
    Copper Contributor
    Nov 19, 2022

    KernelCaleb 

    thank you very much for the response.

    So how does anyone block outsiders from locking down accounts with any type of conditional access policy?  This is what we are dealing with.  Accounts get attacked and thus the get locked down.  The policy is doing what we ask it to thankfully.  

    But how do you protect accounts from just being locked down almost like a DDos attack?

    That is the discussion in another group I am with.  

    It just seems there should be some sort of rule that can apply if after x-amount of attempts, block the IP or country or something like that.

     

    Dan

Resources