
Default Settings - Password Rule Settings - Smart Lockout - Lockout threshold

How many failed sign-ins are allowed on an account before its first lockout. If the first sign-in after a lockout also fails, the account locks out again.

Name: LockoutThreshold
Control: Default Settings - Password Rule Settings
Description: Define the password protection and Smart Lockout configurations that can be used to customize the tenant-wide and object-specific restrictions and allowed behavior.
Severity: High

How to fix

Details of configuration item

Recommendation: Prevent attacks using smart lockout - Microsoft Entra ID - Microsoft Learn
Configuration: settings
Setting: values
Recommended Value: '10'
Default Value: 10
Graph API Docs: directorySetting resource type - Microsoft Graph beta - Microsoft Learn
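To turn the recommended value above into a repeatable check, here is an added example (not code from the page or from Microsoft) that reads the LockoutThreshold out of a directorySetting response and scores it against the recommendation. It assumes the documented directorySetting shape (a 'values' list of name/value pairs with string values), matches the setting by its displayName, and uses a constructed sample response with a placeholder id rather than a live tenant query.

```python
"""Evaluate an Entra ID 'Password Rule Settings' directorySetting for the Smart Lockout threshold."""
import json
from typing import Optional

RECOMMENDED_LOCKOUT_THRESHOLD = 10   # recommended and default value for LockoutThreshold
SETTING_DISPLAY_NAME = "Password Rule Settings"

# Constructed sample of a GET /beta/settings response. Shape follows the directorySetting
# resource: each setting carries a 'values' list of name/value pairs, with values as strings.
SAMPLE_RESPONSE = json.dumps({
    "value": [{
        "id": "00000000-0000-0000-0000-000000000000",  # placeholder, not a real object id
        "displayName": "Password Rule Settings",
        "values": [
            {"name": "EnableBannedPasswordCheck", "value": "true"},
            {"name": "LockoutDurationInSeconds", "value": "60"},
            {"name": "LockoutThreshold", "value": "25"},   # deliberately above the recommendation
        ],
    }]
})


def get_lockout_threshold(response_json: str) -> Optional[int]:
    """Return LockoutThreshold from a /settings response, or None when the tenant has not
    created the 'Password Rule Settings' object (it then runs on the template default)."""
    data = json.loads(response_json)
    for setting in data.get("value", []):
        if setting.get("displayName") != SETTING_DISPLAY_NAME:
            continue
        for item in setting.get("values", []):
            if item.get("name") == "LockoutThreshold":
                return int(item["value"])   # Graph returns the number as a string
    return None


def evaluate(response_json: str, recommended: int = RECOMMENDED_LOCKOUT_THRESHOLD) -> dict:
    """Compare the effective threshold against the recommendation. A missing setting is
    scored as the documented default (10); a threshold above the recommendation fails."""
    configured = get_lockout_threshold(response_json)
    effective = RECOMMENDED_LOCKOUT_THRESHOLD if configured is None else configured
    return {"configured": configured, "effective": effective, "compliant": effective <= recommended}


if __name__ == "__main__":
    print(json.dumps(evaluate(SAMPLE_RESPONSE), indent=2))
```

A tenant that never created the 'Password Rule Settings' object returns no such entry, which the check treats as the default of 10 rather than as a failure.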

MITRE ATT&CK

Tactic: TA0006 - Credential Access
Technique: T1110 - Brute Force
Mitigation: M1018 - User Account Management; M1027 - Password Policies