May 19 2020
07:04 AM
- last edited on
Jan 14 2022
04:31 PM
by
TechCommunityAP
May 19 2020
07:04 AM
- last edited on
Jan 14 2022
04:31 PM
by
TechCommunityAP
In one of our customers, there is an alert related to a global administrator account. There is a conditional access policy in place and password-less sign in is NOT active. Based on sign-in logs, it tells status is failure and sign-in error code is 500121. This attempt is from another country using application 'O365 Suite UX'.
The question is since error 500121 means the user did NOT pass MFA, does that mean that the attacker provided username and 'correct password'? Is it possible to reach MFA stage without providing correct credentials?
Thx,
May 19 2020 07:11 AM