

Can you configure the account lockout settings for Office 365?

Question

Tuesday, August 2, 2016 3:01 PM

We have the default settings on our Office 365 accounts. If I get the password wrong about ten times, the account gets locked out. But this is only locked out for a very short period of time, before you are allowed to try to log in again. There is no captcha at any stage, so somebody attempting to brute force the passwords would not have anything to stop them, aside from the periodic short lockouts. Is there any way that I can configure lockout to lock the account out for a longer period of time?

Thanks,

All replies (1)

Wednesday, November 23, 2016 11:38 AM | 1 vote

Hi,

I have found the following information in the article below.

https://docs.microsoft.com/en-gb/azure/active-directory/active-directory-passwords-policy

Account Lockout

After 10 unsuccessful logon attempts (wrong password), the user will need to solve a CAPTCHA dialog as part of logon.

After a further 10 unsuccessful logon attempts (wrong password) and correct solving of the CAPTCHA dialog, the user will be locked out for a time period. Further incorrect passwords will result in an exponential increase in the lockout time period.

The purpose of the policy is to prevent unauthorised use, such as a brute-force attack, rather than to block the user out of Office 365.

This lockout timing policy is the default for the Office 365 services. It cannot be customised.

Sarfaraz
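
The thresholds quoted in the answer above, modelled as a small state machine to show how the growing lockout bounds password guessing against one account. This is an added example, not part of the original thread and not Microsoft's code; the 60-second first lockout, the doubling factor, the reset on success and the one-guess-per-second client are assumptions, since the page only says the lockout time increases exponentially.

```python
from dataclasses import dataclass

CAPTCHA_AFTER = 10   # from the answer: CAPTCHA after 10 wrong passwords
LOCKOUT_AFTER = 20   # from the answer: lockout after a further 10
BASE_LOCKOUT_S = 60  # ASSUMPTION: first lockout length is not given on the page
GROWTH = 2           # ASSUMPTION: "exponential" modelled as doubling


@dataclass
class LockoutModel:
    failures: int = 0
    lockouts: int = 0
    locked_until: float = 0.0

    def attempt(self, now: float, password_ok: bool, captcha_ok: bool = True) -> str:
        """Return the outcome of one sign-in attempt at time `now` (seconds)."""
        if now < self.locked_until:
            return "locked"                      # password is not even evaluated
        if self.failures >= CAPTCHA_AFTER and not captcha_ok:
            return "captcha_required"
        if password_ok:
            self.failures = self.lockouts = 0    # ASSUMPTION: success resets counters
            return "ok"
        self.failures += 1
        if self.failures >= LOCKOUT_AFTER:
            # Every further wrong password lengthens the next lockout.
            self.locked_until = now + BASE_LOCKOUT_S * GROWTH ** self.lockouts
            self.lockouts += 1
            return "locked_out"
        return "captcha_next" if self.failures >= CAPTCHA_AFTER else "wrong_password"


def max_password_checks(window_s: int, guess_interval_s: int = 1) -> int:
    """Upper bound on wrong passwords evaluated for one account in `window_s`,
    for a client that always passes the CAPTCHA and retries when each lock ends."""
    model, now, checked = LockoutModel(), 0.0, 0
    while now < window_s:
        if model.attempt(now, password_ok=False) != "locked":
            checked += 1
        now = max(now + guess_interval_s, model.locked_until)
    return checked


if __name__ == "__main__":
    for label, seconds in (("1 hour", 3600), ("24 hours", 86400)):
        print(f"{label}: {max_password_checks(seconds)} guesses evaluated")
```

Under these assumed values a single account sees 25 password checks in the first hour and 30 in 24 hours, compared with 86,400 at one guess per second with no lockout.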