How do I change the account lockout settings for Azure GovCloud accounts?

Question

How do I change the account lockout settings for Azure GovCloud accounts?

Robin Wilson 20

All of the documentation (and even discussions I've found online) tell me how to change the account lockout settings for the Azure Public cloud. But I can't find anywhere that I can adjust the setting for Azure GovCloud (or even see what they are set to). I have a user who was trying to login to his account, and hit the limit and got locked out. (It wasn't his fault, we have been migrating from a local Domain Controller for Active Directory to Azure Active Directory (AAD) - and it somehow dorked up his account today.)

I'd really like to just reset his account so it isn't locked out anymore - but it appears I can't do that either. And because our GovCloud AD is linked to our company AAD (now) he can't use Self-Service Password Reset (SSPR) from GovCloud. (We already reset his password from our AAD setup.)

Akhilesh Vallamkonda 15,235 Reputation points Microsoft External Staff Moderator

2023-12-12T08:17:05.1966667+00:00

Hi @Robin Wilson
Thank you for posting your query on Q&A.
Could you please let us know what the error is your getting when you perform reset and unlock account.
May I know are you referring to smart lockout? if yes please check details here. Also, could you please let us know the type of authentication is used and what end user is trying to access.
Robin Wilson 20 Reputation points

2023-12-12T16:21:21.3133333+00:00

He gets the attached error. It says in red letters: "Your account is temporarily locked to prevent unauthorized use. Try again later, and if you still have trouble, contact your admin." (NOTE: I am the admin.)
Robin Wilson 20 Reputation points

2023-12-12T16:22:58.3633333+00:00

BTW, remember this is a GovCloud account. Also, we reset his password and he can login to his Office 365, and his Public Cloud (DevOps) accounts just fine using his new password. The passwords should have sync'd a while ago, but the account lockout has not gone away since last night.
Robin Wilson 20 Reputation points

2023-12-12T16:28:06.43+00:00

Akhilesh, The link you provided is for Public Cloud. None of the information in there works for GovCloud (so far as I can tell). There is no 'Entra' admin center in GovCloud that I appear to have access to...
Akhilesh Vallamkonda 15,235 Reputation points Microsoft External Staff Moderator

2023-12-13T14:55:47.5133333+00:00

@Robin Wilson
Could you please share the screenshot of the error message, and may I know are you using any federated environment if yes let us know what the federation is type you are using.
There is no lock out setting in Entra ID, If the account gets locked out it will unlock the account based on the organization’s account lockout policies.
Robin Wilson 20 Reputation points

2023-12-13T15:54:58.3233333+00:00

I'm trying to add the image of the error message...
Robin Wilson 20 Reputation points

2023-12-13T15:58:36.91+00:00

Actually, we disconnected the Azure GovCloud Entra system from our Active Directory - and this is now resolved. Thanks.

Now my only question is about syncing up Azure Active Directory (Entra) in the Public Cloud to Azure GovCloud Entra so that our master AAD config is transferred to the GovCloud. Is that possible?
Robin Wilson 20 Reputation points

2023-12-13T16:31:34.8233333+00:00

We really didn't "answer" the original problem. Instead, we disconnected the GovCloud Entra ID from syncing with our old Active Directory domain, and eliminated the issue preventing us from resetting the user's password. In the end, you could argue that this was a misconfiguration issue.
Akhilesh Vallamkonda 15,235 Reputation points Microsoft External Staff Moderator

2023-12-19T07:00:22.45+00:00

@Robin Wilson
This seems it require further troubleshooting. Also, please send us an email on azcommunity [at] microsoft [dot] com referencing this issue thread/post link, with a subject line "ATTN: Akhilesh" along with you Azure subscription id and we will help you with alternative support options on this.

Accepted answer

1 additional answer

Your answer

Akhilesh Vallamkonda 15,235 Reputation points Microsoft External Staff Moderator

2023-12-12T08:17:05.1966667+00:00

Hi @Robin Wilson
Thank you for posting your query on Q&A.
Could you please let us know what the error is your getting when you perform reset and unlock account.
May I know are you referring to smart lockout? if yes please check details here. Also, could you please let us know the type of authentication is used and what end user is trying to access.
Robin Wilson 20 Reputation points

2023-12-12T16:21:21.3133333+00:00

He gets the attached error. It says in red letters: "Your account is temporarily locked to prevent unauthorized use. Try again later, and if you still have trouble, contact your admin." (NOTE: I am the admin.)
Robin Wilson 20 Reputation points

2023-12-12T16:22:58.3633333+00:00

BTW, remember this is a GovCloud account. Also, we reset his password and he can login to his Office 365, and his Public Cloud (DevOps) accounts just fine using his new password. The passwords should have sync'd a while ago, but the account lockout has not gone away since last night.
Robin Wilson 20 Reputation points

2023-12-12T16:28:06.43+00:00

Akhilesh, The link you provided is for Public Cloud. None of the information in there works for GovCloud (so far as I can tell). There is no 'Entra' admin center in GovCloud that I appear to have access to...
Akhilesh Vallamkonda 15,235 Reputation points Microsoft External Staff Moderator

2023-12-13T14:55:47.5133333+00:00

@Robin Wilson
Could you please share the screenshot of the error message, and may I know are you using any federated environment if yes let us know what the federation is type you are using.
There is no lock out setting in Entra ID, If the account gets locked out it will unlock the account based on the organization’s account lockout policies.
Robin Wilson 20 Reputation points

2023-12-13T15:54:58.3233333+00:00

I'm trying to add the image of the error message...
Robin Wilson 20 Reputation points

2023-12-13T15:58:36.91+00:00

Actually, we disconnected the Azure GovCloud Entra system from our Active Directory - and this is now resolved. Thanks.

Now my only question is about syncing up Azure Active Directory (Entra) in the Public Cloud to Azure GovCloud Entra so that our master AAD config is transferred to the GovCloud. Is that possible?
Robin Wilson 20 Reputation points

2023-12-13T16:31:34.8233333+00:00

We really didn't "answer" the original problem. Instead, we disconnected the GovCloud Entra ID from syncing with our old Active Directory domain, and eliminated the issue preventing us from resetting the user's password. In the end, you could argue that this was a misconfiguration issue.
Akhilesh Vallamkonda 15,235 Reputation points Microsoft External Staff Moderator

2023-12-19T07:00:22.45+00:00

@Robin Wilson
This seems it require further troubleshooting. Also, please send us an email on azcommunity [at] microsoft [dot] com referencing this issue thread/post link, with a subject line "ATTN: Akhilesh" along with you Azure subscription id and we will help you with alternative support options on this.

Answer 1

Hi @Robin Wilson
I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others (Opens in new window or tab)", I'll repost your solution in case you'd like to "Accept (Opens in new window or tab)" the answer.

Issue:

All of the documentation (and even discussions I've found online) tell me how to change the account lockout settings for the Azure Public cloud. But I can't find anywhere that I can adjust the setting for Azure GovCloud (or even see what they are set to). I have a user who was trying to login to his account and hit the limit and got locked out. (It wasn't his fault we have been migrating from a local Domain Controller for Active Directory to Azure Active Directory (AAD) - and it somehow dorked up his account today.) I'd really like to just reset his account so it isn't locked out anymore - but it appears I can't do that either. And because our GovCloud AD is linked to our company AAD (now) he can't use Self-Service Password Reset (SSPR) from GovCloud. (We already reset his password from our AAD setup.)

Solution:

The issue is resolved by disconnected the Azure GovCloud Entra ID your local AD Domain Controller and that allowed you to reset passwords/accounts to get them logging in again.

If you have any other questions or are still running into more issues, please let me know.
Thank you again for your time and patience throughout this issue.

Thanks,
Akhilesh.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Akhilesh Vallamkonda 15,235 Reputation points Microsoft External Staff Moderator

2023-12-23T06:02:30.9366667+00:00

@Robin Wilson
Following up to see if the above answer was helpful. If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Answer 2

Robin Wilson 20

This problem has essentially been resolved. We disconnected the Azure GovCloud Entra ID from our local AD Domain Controller and that allowed us to reset passwords/accounts to get them logging in again.

Share via

How do I change the account lockout settings for Azure GovCloud accounts?

1 additional answer

Your answer