Azure AD MFA Account Lockout

Helman, James 1 Reputation point
2022-09-29T17:45:02.117+00:00

Is there a way to set MFA account lockout for Azure AD MFA? The settings found under Azure Active Directory > Security > Multifactor authentication > Account lockout appear to only be for MFA server.

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

2 answers

  1. Vukasin Terzic 346 Reputation points MVP
    2022-09-29T18:52:39.9+00:00

    Hello @HelmanJames-3118 ,

    Yes, account lockout can be configured under the Azure MFA.

    Go to Multifactor authentication, and account lockout settings are there.

    Please let me know if you need anything else. And if this helped, please click on the Select Answer button to help others who are searching for the same information.

    Thank you,

    Vukasin

    1 person found this answer helpful.

  2. JamesTran-MSFT 36,541 Reputation points Microsoft Employee
    2022-10-04T21:03:13.547+00:00

    @Helman, James
    Thank you for your post and I apologize for the delayed response!

    When it comes to Azure AD MFA Account Lockout, you should be able to leverage the Azure AD smart lockout feature to customize the Azure AD smart lockout values.

    Manage Azure AD smart lockout values:
    Note: Azure AD Premium P1 or higher licenses for your users

    1. Sign into the Azure portal.
    2. Search for and select Azure Active Directory, then select Security > Authentication methods > Password protection.
    3. Set the Lockout threshold, based on how many failed sign-ins are allowed on an account before its first lockout. The default is 10 for Azure Public tenants and 3 for Azure US Government tenants.
    4. Set the Lockout duration in seconds, to the length in seconds of each lockout. The default is 60 seconds (one minute).

    Additional Links:
    Testing Smart lockout
    Tutorial: Secure user sign-in events with Azure AD Multi-Factor Authentication
    Frequently asked questions about Azure AD Multi-Factor Authentication

    I hope this helps!

    If you have any other questions or if this isn't the feature you were looking for, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
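
An added example, not part of either answer above and not Microsoft's code: a small Python check that reads an export of the tenant's password protection settings and reports the effective smart lockout values, falling back to the defaults quoted in the second answer when a value is not set. The JSON shape, the setting names `LockoutThreshold` and `LockoutDurationInSeconds`, the sample export and the reviewer baseline are assumptions made for this example.

```python
import json

# Defaults quoted in the answer above: threshold 10 for Azure Public tenants,
# 3 for Azure US Government tenants; lockout duration 60 seconds.
DEFAULTS = {
    "public": {"LockoutThreshold": 10, "LockoutDurationInSeconds": 60},
    "usgov": {"LockoutThreshold": 3, "LockoutDurationInSeconds": 60},
}


def effective_lockout(export_json, cloud="public"):
    """Return the effective lockout values; unset values fall back to the defaults."""
    effective = dict(DEFAULTS[cloud])
    for item in json.loads(export_json).get("values", []):
        name = item.get("name")
        if name in effective:
            # Assumed export shape: values are name/value pairs with string values.
            effective[name] = int(item["value"])
    return effective


def review(export_json, cloud="public", max_threshold=10, min_duration=60):
    """Compare effective values with a reviewer baseline (hypothetical limits)."""
    eff = effective_lockout(export_json, cloud)
    findings = []
    if eff["LockoutThreshold"] > max_threshold:
        findings.append(
            f"Lockout threshold {eff['LockoutThreshold']} exceeds baseline {max_threshold}"
        )
    if eff["LockoutDurationInSeconds"] < min_duration:
        findings.append(
            f"Lockout duration {eff['LockoutDurationInSeconds']}s is below baseline {min_duration}s"
        )
    return eff, findings


# Constructed sample export, not taken from a real tenant.
SAMPLE_EXPORT = json.dumps({
    "displayName": "Password Rule Settings",
    "values": [
        {"name": "LockoutThreshold", "value": "25"},
        {"name": "LockoutDurationInSeconds", "value": "30"},
        {"name": "EnableBannedPasswordCheck", "value": "True"},
    ],
})

if __name__ == "__main__":
    values, problems = review(SAMPLE_EXPORT)
    print(values)
    for problem in problems:
        print("FINDING:", problem)
```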