Azure AD MFA Account Lockout

Helman, James 1 Reputation point
2022-09-29T17:45:02.117+00:00

Is there a way to set MFA account lockout for Azure AD MFA? The settings found under Azure Active Directory > Security > Multifactor authentication > Account lockout appear to only be for MFA server.

246156-screenshot-2022-09-29-124439.png

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,875 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Vukasin Terzic 341 Reputation points MVP
    2022-09-29T18:52:39.9+00:00

    Hello @HelmanJames-3118 ,

    Yes, account lockout can be configured under the Azure MFA.

    Go to Multifactor authentication, and account lockout settings are there.

    246231-screen-shot-2022-09-29-at-115002-am.png

    Please let me know if you need anything else. And if this helped, please click on the Select Answer button to help others who are searching for the same information.

    Thank you,

    Vukasin

    1 person found this answer helpful.

  2. JamesTran-MSFT 36,481 Reputation points Microsoft Employee
    2022-10-04T21:03:13.547+00:00

    @Helman, James
    Thank you for your post and I apologize for the delayed response!

    When it comes to Azure AD MFA Account Lockout you should be able to leverage Azure AD smart lockout feature to customize the Azure AD smart lockout values.

    Manage Azure AD smart lockout values:
    Note: Azure AD Premium P1 or higher licenses for your users

    1. Sign into the Azure portal.
    2. Search for and select Azure Active Directory, then select Security > Authentication methods > Password protection.
    3. Set the Lockout threshold, based on how many failed sign-ins are allowed on an account before its first lockout. The default is 10 for Azure Public tenants and 3 for Azure US Government tenants.
    4. Set the Lockout duration in seconds, to the length in seconds of each lockout. The default is 60 seconds (one minute).
      247547-image.png

    Additional Links:
    Testing Smart lockout
    Tutorial: Secure user sign-in events with Azure AD Multi-Factor Authentication
    Frequently asked questions about Azure AD Multi-Factor Authentication

    I hope this helps!

    If you have any other questions or if this isn't the feature you were looking for, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.