cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

The rule "Attempts to crack distributed passwords in AzureAD" is always detected with the same user.

Chris_321
Copper Contributor

‎Jun 08 2022 04:57 AM - edited ‎Jun 08 2022 05:24 AM

‎Jun 08 2022 04:57 AM - edited ‎Jun 08 2022 05:24 AM

The rule "Attempts to crack distributed passwords in AzureAD" is always detected with the same user.

Hi everyone,

 

I don't know if anyone has had this problem. My problem is that when this rule is detected the same user is always triggered when trying to connect to the "Office 365 Exchange Online" application from a mobile phone and the client application "Exchange ActiveSync".
This rule monitors high login attempts from different locations over a period of time of 1 day.
We know that this is a false positive, as this is a field technician, and we have checked with the user to verify these actions.
As a solution, we have taken the following actions to prevent the alert from being triggered:


-Logging out of the application login and logging back in.

 

But the problem persists, I don't know what else to do or what other mitigations I can see with the user.


I have looked at the login table and only see that the error is thrown when connecting to the "Office 365 Exchange Online" application.


Any ideas?

 

Regards.

Labels:
4,140 Views
0 Likes
2 Replies
Reply
2 Replies
bsukalp

‎Dec 08 2022 05:50 AM

‎Dec 08 2022 05:50 AM

Re: The rule "Attempts to crack distributed passwords in AzureAD" is always detected with

@Chris_321, I see its been few months already for your question. Have you resolved this issue? 

I am also facing this issue. I see that few specific users only this rule is firing up every day. Its strange that its only for specific users and not random or multiple users

0 Likes
Reply
Chris_321

‎Feb 08 2023 10:10 AM - edited ‎Feb 08 2023 10:11 AM

‎Feb 08 2023 10:10 AM - edited ‎Feb 08 2023 10:11 AM

Re: The rule "Attempts to crack distributed passwords in AzureAD" is always detected with

Hi!!!@bsukalp

Sorry for the delay. I was doing some research with the customer and as a solution for me the application was removed and reinstalled again for that user. It seems like it had stuck with an old password and was kind of internally trying to log in all the time.

0 Likes
Reply