How do I configure alert for consecutive failed logins to MS services and consecutive login attempts blocked by conditional access policies configured in AAD?

Rodney Lai 0

Example for MS services referred in the question: azure portal, email, M365 portal

I do not wish to set up alert for failed login attempts for specific users/ IP.

Ash G 340 Reputation points

2023-03-07T09:23:37.9133333+00:00

Hi,

You should consider assigning a license that includes Identity Protection to any person who logs on to an administrative console/portal. https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection

Smart lockout is also available to reduce the risk for the identity scenarios you mention. https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-password-smart-lockout.

What kind of alert were you proposing? Email notification?

Activity