How to prevent account lockout from basic authentication attacks

Chris 0 Reputation points
2023-03-07T18:24:10.59+00:00

We have enabled Okta federation to handle MFA for our Office 365/Azure AD tenant. Some users are being locked out by suspicious activity from IP locations we never use. Looking at our sign-in logs, hundreds of failed attempts from locations like France, China, Bangladesh and Singapore, along with many others, are logged as failed single-factor attempts.

If I disable basic authentication, Outlook on the desktop does not connect to Exchange Online although I'm using the latest version of Outlook from Office 365.

Does anyone know how to prevent these basic authentication password attacks and block them? Is there something else I need to do in order to prevent accounts from being locked out by malicious actors?

Microsoft Security | Microsoft Entra | Microsoft Entra ID

2 answers

  1. David Broggy 6,291 Reputation points MVP Volunteer Moderator
    2023-03-07T19:30:27.17+00:00

    Hi Chris,

    Have you tried tuning the lockout threshold?

    You could reduce the time the user is locked out; however, that would make it easier for the attacker to guess passwords.

    Or have you tried blocking those IPs using Conditional Access? I personally would block the IPs rather than increase the password lockout time too much.

    References:

    https://learn.microsoft.com/en-us/azure/active-directory-domain-services/troubleshoot-account-lockout

    https://www.penthara.com/configuring-conditional-access-policy-to-restrict-access-from-specific-ip-or-location/#:~:text=Login%20to%20Azure%20Portal%2C%20then,%3E%20Conditional%20Access%20%3E%20Named%20Locations.&text=2.,4.


  2. Sandeep G-MSFT 20,906 Reputation points Microsoft Employee Moderator
    2023-03-09T08:24:34.4+00:00

    @Chris

    It is strange that your latest version of Outlook is still using basic authentication. Earlier, we saw scenarios where lots of attacks happened over the IMAP and POP protocols. To overcome this and make authentication more secure, we introduced the concept of modern authentication.

    To find out why your Outlook is not making use of modern authentication, you will have to open a separate thread with the Exchange Online team.

    However, to fix this issue for now, you can use a Conditional Access policy in Azure AD and configure a range of IP addresses, or configure named locations, which you can then use in the Conditional Access policy. This policy will block or allow requests that come from the specific defined IP address ranges or named locations.

    You can follow the article below as well to configure the same:

    https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

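Both answers come down to the same triage step: read the sign-in logs, find the source IPs behind the failed single-factor (legacy-auth) attempts from countries you never use, and feed those into an IP-based named location for a blocking Conditional Access policy. The script below is an added example, not code from the thread or from Microsoft. Field names follow the Microsoft Entra sign-in log export (`clientAppUsed`, `authenticationRequirement`, `status.errorCode`, `location.countryOrRegion`); the records, addresses, home-country set (US) and threshold are constructed for the example.

```python
import ipaddress
from collections import Counter, defaultdict

# Real Entra sign-in log field names; sample values are constructed.
# errorCode 50126 = invalid credentials, 50053 = account locked, 0 = success.
def rec(upn, ip, country, client, code, req="singleFactorAuthentication"):
    return {"userPrincipalName": upn, "ipAddress": ip,
            "location": {"countryOrRegion": country}, "clientAppUsed": client,
            "authenticationRequirement": req, "status": {"errorCode": code}}

SIGN_INS = [
    rec("alice@example.com", "203.0.113.10", "FR", "IMAP4", 50126),
    rec("alice@example.com", "203.0.113.10", "FR", "IMAP4", 50126),
    rec("bob@example.com",   "203.0.113.10", "FR", "POP3", 50126),
    rec("alice@example.com", "203.0.113.11", "FR", "IMAP4", 50053),
    rec("carol@example.com", "198.51.100.7", "CN", "Authenticated SMTP", 50126),
    rec("carol@example.com", "198.51.100.7", "CN", "Authenticated SMTP", 50126),
    rec("carol@example.com", "198.51.100.7", "CN", "Authenticated SMTP", 50126),
    rec("dave@example.com",  "192.0.2.5",    "US", "IMAP4", 50126),   # home country
    rec("alice@example.com", "192.0.2.20",   "US", "Browser", 0, "multiFactorAuthentication"),
    rec("erin@example.com",  "203.0.113.11", "BD", "Other clients", 50126),
    rec("erin@example.com",  "203.0.113.11", "BD", "Other clients", 50126),
]

# clientAppUsed values that mean basic/legacy authentication was attempted.
LEGACY_CLIENTS = {"IMAP4", "POP3", "Authenticated SMTP", "Exchange ActiveSync", "Other clients"}
HOME_COUNTRIES = {"US"}  # assumption for the example; use your own tenant's countries

def legacy_auth_failures(records, home_countries=HOME_COUNTRIES):
    """Failed single-factor attempts from legacy clients outside the home countries."""
    return [r for r in records
            if r["status"]["errorCode"] != 0
            and r["authenticationRequirement"] == "singleFactorAuthentication"
            and r["clientAppUsed"] in LEGACY_CLIENTS
            and r["location"]["countryOrRegion"] not in home_countries]

def block_candidates(records, min_failures=3):
    """Source IPs at or above the failure threshold, with the accounts they hit."""
    per_ip, targeted = Counter(), defaultdict(set)
    for r in legacy_auth_failures(records):
        per_ip[r["ipAddress"]] += 1
        targeted[r["ipAddress"]].add(r["userPrincipalName"])
    return {ip: {"failures": n, "users": sorted(targeted[ip])}
            for ip, n in per_ip.items() if n >= min_failures}

def named_location_ranges(candidates):
    """Collapse candidate IPs into CIDR strings for an IP-based named location."""
    nets = [ipaddress.ip_network(ip) for ip in candidates]
    return sorted(str(n) for n in ipaddress.collapse_addresses(nets))

if __name__ == "__main__":
    print(named_location_ranges(block_candidates(SIGN_INS)))
```

The resulting CIDR list is what you would paste into the named location; the `users` field tells you which accounts are being hammered and are the likeliest to hit the lockout threshold David mentioned.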
