Entra
-
Blog
Microsoft Entra account lockouts caused by user token logging mishap
Microsoft confirms that the weekend Entra account lockouts were caused by the invalidation of short-lived user refresh tokens that were mistakenly logged into internal systems. On Saturday morning, numerous organizations reported that they began receiving Microsoft Entra alerts that accounts had leaked credentials, causing the accounts to be locked out automatically. Impacted customers initially thought the account lockouts were tied to the…
Read More » -
Blog
Widespread Microsoft Entra lockouts tied to new security feature rollout
Windows administrators from numerous organizations report widespread account lockouts triggered by false positives in the rollout of a new Microsoft Entra ID’s “leaked credentials” detection app called MACE. These alerts and lockouts began last night, with some admins believing they were false positives as the accounts have unique passwords that are not used on any other sites or applications. Microsoft…
Read More » -
Blog
Microsoft Entra “security defaults” to make MFA setup mandatory
Microsoft says it will improve security across Entra tenants where security defaults are enabled by making multifactor authentication (MFA) registration mandatory. This move is part of the company’s Secure Future Initiative, launched in November 2023, to boost cybersecurity protection across its products. “We’re removing the option to skip multifactor authentication (MFA) registration for 14 days when security defaults are enabled.…
Read More »