25,081 questions
I don't believe the service will know if the password is correct or not. The request will have been rejected as soon as it was received, no validation of the password will have been done.
Azure AD authentication error 50053
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 80%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECH%3C/text%3E%3C/svg%3E)
Chris Herdt
26
Reputation points
According to the AADSTS Error Code Reference (https://learn.microsoft.com/en-us/azure/active-directory/develop/reference-aadsts-error-codes), AADSTS50053 can occur for 2 reasons:
- Repeated failed sign-in attempts
- Sign-in attempt was from an IP with malicious activity
In the latter case, it is not clear if the sign-in attempt was blocked before or after the user entered a password.
If the credentials, including the password, were correct, then I would reset the user's password.
If only the username was entered before the block, I would ignore the error.
Can anyone shed light on this?
Microsoft Security Microsoft Entra Microsoft Entra ID
{count} vote
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(169.60000000000002, 17%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECH%3C/text%3E%3C/svg%3E)
Chris Herdt 1 Reputation point2022-04-20T18:17:07.223+00:00 On Protect user accounts from attacks with Azure Active Directory smart lockout it states:
In addition to Smart lockout, Azure AD also protects against attacks by analyzing signals including IP traffic and identifying anomalous behavior. Azure AD will block these malicious sign-ins by default and return AADSTS50053 - IdsLocked error code, regardless of the password validity.
However, there are 2 AADSTS50053 failure reasons and the AADSTS error code description suggests that the IdsLocked error code is associated with repeated sign-in attempts, not with IP addresses with malicious activity. It's possible that the IdsLocked error code refers to both, but that's not clear from the documentation.
-
Chris Herdt 1 Reputation point
2022-04-20T21:30:50.727+00:00 Looks like this question was asked before, with largely unsatisfactory answers:
However, that did point me to the Authentication Details section of the log entries (I was viewing these via Azure Sentinel). The authenticationStepResultDetail includes additional information. For all the examples I could find in my tenant, the value was "Incorrect password".
This suggests that the password was evaluated.
It is not clear what other values the authenticationStepResultDetail field might contain for error code 50053 with failureReason "Sign-in was blocked because it came from an IP address with malicious activity".
Sign in to comment
1 answer
Sort by: Most helpful
-
Sam Cogan 10,812 Reputation points Microsoft Employee Volunteer Moderator2022-04-14T09:28:24.27+00:00