Azure AD Smart Lockout

Azure AD has been out for a while, and one of its built-in technologies is the Smart Lockout system. To get full functionality on Azure, you will require the Azure premium license. How does the Smart Lockout system work? It is quite simple compared to what some articles referencing the technology suggest. Firstly, it does not work with GPO, like the traditional on-premise AD. Secondly, it works best in a hybrid scenario. It is there to protect against brute-force attacks. A brute-force attack is when someone attempts to access your account from outside your network (hackers).

Traditionally, your IT administrator would have to research where the attempt was coming from, then either try to block that IP or escalate to a managed provider. The Smart Lockout system already does this for you. Microsoft has its own algorithm running in the background to determine the IP and adapt to the lockout policy that has been set up.

How do you configure this policy? It is pretty straightforward; you will require a Global Admin account to accomplish this. Here are the steps to configure it:


  1. Log onto the Azure portal – Https://
  2. Log in with the Global Admin account
  3. On the left, select Azure Active Directory
  4. Then select Authentication Method
  5. Select Password Protection
  6. There you will be able to configure the policy, which includes the following:

  • Lockout Threshold
  • Lockout Duration in Seconds
  • Custom Banned Passwords

NOTE: When the account is locked out, it will not affect the user on their machine. They can still work without being locked out of their devices.
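
An added example, not from the original post: an offline check of the three settings listed above, using Microsoft's documented limits for the custom banned list (4 to 16 characters per term, at most 1000 terms, matched case-insensitively) and its hybrid guidance that the cloud threshold be lower and the cloud duration longer than the on-premises AD lockout policy. The class names, field names, finding codes and sample values are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class CloudPolicy:
    """Values from the Password Protection page (field names are hypothetical)."""
    lockout_threshold: int
    lockout_duration_seconds: int
    custom_banned_passwords: list = field(default_factory=list)

@dataclass
class OnPremPolicy:
    """On-premises AD account lockout policy set by GPO (hypothetical names)."""
    lockout_threshold: int          # 0 means accounts are never locked on-premises
    lockout_duration_minutes: int   # 0 means locked until an administrator unlocks

def audit(cloud, onprem=None):
    """Return a sorted list of finding codes; an empty list means no issue found."""
    findings = set()
    if cloud.lockout_threshold < 1 or cloud.lockout_duration_seconds < 1:
        findings.add("lockout-values-not-positive")
    terms = [t.strip() for t in cloud.custom_banned_passwords]
    if len(terms) > 1000:
        findings.add("banned-list-over-1000-terms")
    if any(not 4 <= len(t) <= 16 for t in terms):
        findings.add("banned-term-length-outside-4-16")
    # The list is matched case-insensitively, so "Contoso" and "contoso" waste a slot.
    if len({t.casefold() for t in terms}) != len(terms):
        findings.add("banned-term-duplicate")
    if onprem is not None and onprem.lockout_threshold > 0:
        # Cloud lockout should trigger first so the on-premises account stays usable.
        if cloud.lockout_threshold >= onprem.lockout_threshold:
            findings.add("cloud-threshold-not-below-onprem")
        # Cloud duration is in seconds, on-premises duration is in minutes.
        if (onprem.lockout_duration_minutes == 0 or
                cloud.lockout_duration_seconds <= onprem.lockout_duration_minutes * 60):
            findings.add("cloud-duration-not-longer-than-onprem")
    return sorted(findings)

# Constructed sample values, not taken from any real tenant.
GOOD = CloudPolicy(5, 2400, ["contoso", "fabrikam2024"])
WEAK = CloudPolicy(10, 60, ["abc", "Contoso", "contoso"])
AD_GPO = OnPremPolicy(lockout_threshold=10, lockout_duration_minutes=30)

if __name__ == "__main__":
    for name, policy in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit(policy, AD_GPO) or "no findings")
```

Passing no on-premises policy to `audit` skips the hybrid comparison and checks only the cloud-side values.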


