cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Simple Question about CAS and CA Policies

Jim_Hill
Copper Contributor

‎Oct 07 2019 07:17 AM

‎Oct 07 2019 07:17 AM

Simple Question about CAS and CA Policies

Several of my Exchange online accounts are subject to frequent login attempts by various means.  Recently I have a bunch of attempts using IMAP from foreign countries.  IMAP is disabled for that account, but SMTP is allowed (for the time being). We we have one CA policy which applies, ,Blocks login from foreign country. When I test using the What If tool these foreign logins using IMAP are indeed blocked. But yet the user account is getting locked and the logs show multiple breakin attempts.  What is going on?  Shouldn't the CA policy and IMAP restriction prevent the login attempt from the first place, or will the log continue to grow with failed logins from IMAP while locking the account? 

655 Views
0 Likes
2 Replies
Reply
2 Replies
best response confirmed by Jim_Hill (Copper Contributor)
Vasil Michev

‎Oct 07 2019 09:50 AM

‎Oct 07 2019 09:50 AM

Solution

Re: Simple Question about CAS and CA Policies

Best configure an authentication policy in Exchange, it stops those attempts before they even hit AAD: https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/disable-basic-authen...

0 Likes
Reply
Jim_Hill

‎Oct 08 2019 05:58 PM

‎Oct 08 2019 05:58 PM

Re: Simple Question about CAS and CA Policies

@Vasil Michev Thanks very much. Because of your comment I looked up the method to create and apply a new authentication policy. I made one that blocked all basic authentication, then modified it to allow authenticated SMTP. Then I applied it on a per user basis.  This seemed to work well and like you said it should stop it before it gets into the Azure AD.  Thanks so much.

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Jim_Hill (Copper Contributor)
Vasil Michev

‎Oct 07 2019 09:50 AM

‎Oct 07 2019 09:50 AM

Solution

Re: Simple Question about CAS and CA Policies

Best configure an authentication policy in Exchange, it stops those attempts before they even hit AAD: https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/disable-basic-authen...

View solution in original post

0 Likes
Reply