Reputation: 83
I am using Azure AD, and I am implementing MFA. I know that if the user ID and password login fails a certain number of times, it locks me out. However, repeated failures in MFA after passing user ID and password authentication will not lock out the user. Repeated failures on the MFA screen will return you to the initial login screen. Is this a specification? If it is possible to lock out even with MFA, please let me know how.
Upvotes: 0
Views: 1550
Reputation: 22397
Yes, the lockout feature is available in Azure AD MFA. Please note that this feature is applied only when the users use a PIN code for the MFA prompt.
In order to configure this feature, you need an administrator role.
Based on the number of failed attempts you provided in the settings, account lockout happens accordingly.
To configure this feature, please follow the steps below:
Go to Azure Portal -> Azure Active Directory -> Security -> Multifactor authentication -> Account lockout
In the above fields, enter the number based on your requirement and save.
Like this, you can configure the lockout feature in Azure AD MFA.
Make sure to use a PIN for MFA authentication.
Complete credits to below Microsoft Doc:
Upvotes: 1