Stopping login attempts from mobile devices

%3CLINGO-SUB%20id%3D%22lingo-sub-676493%22%20slang%3D%22en-US%22%3EStopping%20login%20attempts%20from%20mobile%20devices%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-676493%22%20slang%3D%22en-US%22%3E%3CP%3EHey%20Team.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20a%20user%20who%20is%20having%20their%20account%20locked%20out%2C%20but%20only%20during%20business%20hours.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20suspect%20his%20account%20is%20set%20up%20on%20a%20device%20that%20has%20the%20old%20credentials%20but%20I%20have%20asked%20him%20to%20check%20his%20phones%2C%20tablets%20and%20home%20PC%20to%20no%20avail.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20a%20way%20to%20see%20what%20devices%20are%20attempting%20to%20login%3F%26nbsp%3B%20Or%20to%20stop%20authentication%20attempts%20from%20specific%20devices%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-676493%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-676960%22%20slang%3D%22en-US%22%3ERe%3A%20Stopping%20login%20attempts%20from%20mobile%20devices%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-676960%22%20slang%3D%22en-US%22%3E%3CP%3EYes%2C%20you%20can%20certainly%20check%20the%20Azure%20AD%20sign-in%20logs%3A%26nbsp%3B%3CFONT%20style%3D%22background-color%3A%20%23ffffff%3B%22%3E%3CA%20href%3D%22https%3A%2F%2Fportal.azure.com%2F%23blade%2FMicrosoft_AAD_IAM%2FActiveDirectoryMenuBlade%2FSignIns%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fportal.azure.com%2F%23blade%2FMicrosoft_AAD_IAM%2FActiveDirectoryMenuBlade%2FSignIns%3C%2FA%3E%3C%2FFONT%3E%3C%2FP%3E%0A%3CP%3EAs%20well%20as%20selectively%20block%2Fdisable%20any%20of%20the%20devices%20he%20has%2C%20then%20re-enable%20them%20one%20by%20one%20until%20you%20find%20the%20culprit.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Visitor

Hey Team.

 

We have a user who is having their account locked out, but only during business hours.

 

I suspect his account is set up on a device that has the old credentials but I have asked him to check his phones, tablets and home PC to no avail.

 

Is there a way to see what devices are attempting to login?  Or to stop authentication attempts from specific devices?

 

 

1 Reply
Highlighted

Yes, you can certainly check the Azure AD sign-in logs: https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/SignIns

As well as selectively block/disable any of the devices he has, then re-enable them one by one until you find the culprit.