ALERT: Password reuse activity on multiple endpoints

Rakesh Sukumaran 0 Reputation points
2023-04-21T11:00:31.3766667+00:00

We have started receiving multiple Defender alerts from yesterday - 20th April early morning. "A user on this device is reusing the currently logged in account password on a different credential. Use new and complex password for each credential to keep your information safe." Password reuse activity that is triggered every 1-2 minutes on Microsoft 365 Defender. Does anyone knows or experienced this behavior before? In what scenario does this alert breaks in defender alert. Only User's with OS Windows 11 are triggered. we have verified already with all the applications from the user end and nothing seems to be suspicious. does Microsoft is planning to make any changes if this is false positive and what made this alert to trigger suddenly in the environment.

Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,211 questions
Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,747 questions
Microsoft Defender for Cloud Apps
Microsoft Defender for Cloud Apps
A Microsoft cloud access security broker that enables customers to control the access and use of software as a service apps in their organization.
107 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Lu Dai-MSFT 28,356 Reputation points
    2023-04-24T02:23:13.0066667+00:00

    @Rakesh Sukumaran Thanks for posting in our Q&A.

    For this issue, it is more related to Microsoft Defender. I'm not a support engineer of this product and know little about it. To get more help, it is suggested to contact Microsoft Defender support. Here is the support link:

    https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/contact-support?view=o365-worldwide

    Thanks for your understanding and hope everything goes well with you.


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments