Allowed logon time hours and correct credentials

Tom Calleja 20 Reputation points
2024-12-12T06:32:05.9233333+00:00

Hi Community,

I've been looking into a large amount of password spraying attempts against our company azure AD user accounts.

The majority of logon failures are due to incorrect credentials, and we use MFA.

My main question surrounds the following failure reasons:

  • "The users attempted to log on outside of the allowed hours (this is specified in AD)."
  • "Access has been blocked due to conditional access policies."

What I'm hoping to find out with these two error messages is if they imply that the credentials were correctly entered, but failed at the step before MFA challenge due to a policy denying the login.

Or will these messages always show at ANY login attempt made if these policies are being enforced at the time of the attempted login?

I'd like to clarify this in case it warrants further investigation against those user accounts for other services if they recycle passwords but don't hold MFA, meaning they may be compromised elsewhere.

Grateful for any further information.

Thanks!

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments No comments
{count} votes

Accepted answer
  1. Vasil Michev 119.8K Reputation points MVP Volunteer Moderator
    2024-12-12T08:15:18.2033333+00:00

    Well, CA policies act post authentication, so you do seem to have some events where credentials were entered correctly.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.