How do I configure alert for consecutive failed logins to MS services and consecutive login attempts blocked by conditional access policies configured in AAD?

Question

Rodney Lai 0

Example for MS services referred in the question: azure portal, email, M365 portal

I do not wish to set up alert for failed login attempts for specific users/ IP.

Ash G 360 Reputation points

2023-03-07T09:23:37.9133333+00:00

Hi,

You should consider assigning a license that includes Identity Protection to any person who logs on to an administrative console/portal. https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection

Smart lockout is also available to reduce the risk for the identity scenarios you mention. https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-password-smart-lockout.

What kind of alert were you proposing? Email notification?
Jacqueline Perry 5 Reputation points

2024-12-26T21:09:29.7433333+00:00

If I do not have Microsoft Entra ID P2 License, how can I configure an alert for consecutive failed attemps to login using MFA

Your answer

Ash G 360 Reputation points

2023-03-07T09:23:37.9133333+00:00

Hi,

You should consider assigning a license that includes Identity Protection to any person who logs on to an administrative console/portal. https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection

Smart lockout is also available to reduce the risk for the identity scenarios you mention. https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-password-smart-lockout.

What kind of alert were you proposing? Email notification?
Jacqueline Perry 5 Reputation points

2024-12-26T21:09:29.7433333+00:00

If I do not have Microsoft Entra ID P2 License, how can I configure an alert for consecutive failed attemps to login using MFA