Hi,
- Create Conditional access policies to block sign-ins from all the countries except where those two users are supposed to login from.
- Create "Named locations" in Entra ID and block access from the rest of the locations.
Thanks!
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
We are currently experiencing a significant automated password-spraying attack on the Office 365 Exchange application targeting the accounts of two high-level employees.
The attack started at 1:36 am this morning and is still ongoing. There have been approximately 250 login attempts. The majority of the unauthorized attempts are from countries other than the US, but there are a few from within the US.
Our security protocols in place appear to be sufficient. This could go on throughout the night or even longer.
The attempted sign-ins are being blocked due to the following reasons:
We have Multi-Factor Authentication (MFA) enabled for all users via SMS and the authenticator app.
In addition, I have created a conditional access policy that blocks sign-ins from countries outside of the US. This would be an extra measure to mitigate the risk. I can also apply it specifically to Office 365 Exchange.
I have not enabled this yet, and it is not yet tested.
Thank you.
Hi,
Thanks!
Is SMTP Auth disabled in ExO? If not it should be.
Or at least disable Basic auth for SMTP submission: