Hi,
By default, Smart Lockout is enabled on the tenant. This is for security and prevents bad actors from stealing user credentials. If you are using a hybrid setup with users synced to AAD, I suggest you review your on-prem policies and check whether there is a mismatch.
When using pass-through authentication, the following considerations apply:
- The Azure AD lockout threshold is less than the AD DS account lockout threshold. Set the values so that the AD DS account lockout threshold is at least two or three times greater than the Azure AD lockout threshold.
- The Azure AD lockout duration must be set longer than the AD DS account lockout duration. The Azure AD duration is set in seconds, while the AD duration is set in minutes.
For example, if you want your Azure AD smart lockout duration to be higher than AD DS, then Azure AD would be 120 seconds (2 minutes) while your on-premises AD is set to 1 minute (60 seconds). If you want your Azure AD lockout threshold to be 5, then you want your on-premises AD lockout threshold to be 10. This configuration would ensure smart lockout prevents your on-premises AD accounts from being locked out by brute force attacks on your Azure AD accounts.
Check this article; it should help you figure out the policy settings.
https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-password-smart-lockout
Hope this helps.
JS
==
Please Accept the answer if the information helped you. This will help us and others in the community as well.
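As an added example (not part of the answer above or of Microsoft's documentation), the following PowerShell script reads the on-premises AD DS lockout policies and checks them against the two rules described above. It assumes the RSAT ActiveDirectory module is available and that you pass in the Azure AD smart lockout threshold and duration yourself, since those values are read from the Azure portal.

```powershell
# Added example: compare AD DS lockout settings with the Azure AD smart lockout values.
# The Azure AD values below are assumed defaults; replace them with the ones in your tenant.
param(
    [int]$AzureAdLockoutThreshold = 5,        # assumed, taken from the portal
    [int]$AzureAdLockoutDurationSeconds = 120 # assumed, taken from the portal
)

Import-Module ActiveDirectory

function Test-LockoutPolicyPair {
    param(
        [string]$Name,
        [int]$AdThreshold,
        [timespan]$AdDuration
    )
    # AD DS stores the duration as a TimeSpan (configured in minutes); normalize to seconds.
    $adDurationSeconds = [int]$AdDuration.TotalSeconds
    $ok = $true

    # Rule 1: AD DS threshold should be at least 2x (ideally 3x) the Azure AD threshold.
    if ($AdThreshold -eq 0) {
        Write-Warning "${Name}: AD DS lockout is disabled (threshold 0); only smart lockout protects these accounts."
    } elseif ($AdThreshold -lt 2 * $AzureAdLockoutThreshold) {
        Write-Warning "${Name}: AD DS threshold $AdThreshold is below 2x the Azure AD threshold $AzureAdLockoutThreshold."
        $ok = $false
    }

    # Rule 2: Azure AD duration (seconds) must be longer than the AD DS duration.
    if ($AzureAdLockoutDurationSeconds -le $adDurationSeconds) {
        Write-Warning "${Name}: Azure AD duration ${AzureAdLockoutDurationSeconds}s is not longer than AD DS duration ${adDurationSeconds}s."
        $ok = $false
    }

    [pscustomobject]@{
        Policy            = $Name
        AdThreshold       = $AdThreshold
        AdDurationSeconds = $adDurationSeconds
        Compliant         = $ok
    }
}

# Default domain password policy.
$default = Get-ADDefaultDomainPasswordPolicy
Test-LockoutPolicyPair -Name 'Default Domain Policy' -AdThreshold $default.LockoutThreshold -AdDuration $default.LockoutDuration

# Fine-grained password policies (PSOs) override the default for the groups they apply to,
# so each of them needs the same check.
Get-ADFineGrainedPasswordPolicy -Filter * | ForEach-Object {
    Test-LockoutPolicyPair -Name $_.Name -AdThreshold $_.LockoutThreshold -AdDuration $_.LockoutDuration
}
```

Run it on a domain-joined machine with the RSAT tools; any policy reported with Compliant = False is one where on-prem accounts could be locked out before smart lockout stops the attempts.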