
ha9jr (ha9jr) asked a question.
We have an employee who is getting pages of this error in his logs:
Originally the request came through that he was getting repeated email messages that his account had been locked. We reset his password, and logged him out of all Office apps on his computer and had him log back in. He came back saying that he was still receiving the emails, so we looked again at his computer, updated his Office 365 apps, set up a new user profile in his Outlook app, and cleared his Windows cached credentials. That appeared to fix the issue until he mistakenly entered a wrong password when unlocking his computer, and the errors started up again. Revoking his sessions in Azure AD and having him log in again seems to fix it temporarily, but each time he makes a mistake on his password, the errors start back up again. Additionally, we've noticed that the sources of those errors are coming from IP addresses in multiple different countries. Can anyone offer any guidance on this?

Hello @ha9jr (ha9jr), thank you for reaching out to our Community!
This looks like a brute force attack. Please review this documentation that provides guidance on brute force with Office 365:
https://www.okta.com/resources/whitepaper/securing-office-365-with-okta/