ID-05 | Medium | Recommended Secure
Configure Smart Lockout Protection
Identity & Authentication control for Microsoft 365 and Entra ID
Why This Control Matters
Password spray attacks try common passwords across many accounts. Smart lockout detects these patterns and blocks attackers while allowing legitimate users to authenticate. Weak settings leave you vulnerable.
Expected State
When this control is compliant, your tenant should meet these criteria:
- Smart lockout is enabled with appropriate thresholds
- Lockout threshold is 5 or fewer failed attempts
- Custom banned password list is configured
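A check of the three criteria above against a tenant's password-rule settings, as an added example that is not part of the original page. It assumes the settings arrive in the name/value layout of the Entra ID "Password Rule Settings" directory setting with string values; the helper names and the three sample objects are constructed for illustration.

```python
# Added example: checks the page's three "Expected State" criteria.
# Assumption: settings use the name/value layout and setting names of the
# Entra ID "Password Rule Settings" directory setting; values are strings.
MAX_THRESHOLD = 5  # page: "Lockout threshold is 5 or fewer failed attempts"


def _to_int(raw):
    """Parse a setting value as int; None if missing or malformed."""
    try:
        return int(raw)
    except (TypeError, ValueError):
        return None


def evaluate(setting):
    """Return {criterion: passed} for one settings object."""
    vals = {v["name"]: v["value"] for v in setting.get("values", [])}
    threshold = _to_int(vals.get("LockoutThreshold"))
    duration = _to_int(vals.get("LockoutDurationInSeconds"))
    banned_on = str(vals.get("EnableBannedPasswordCheck", "")).lower() == "true"
    # Assumption: the custom banned list is one tab-separated string.
    banned = [p for p in str(vals.get("BannedPasswordList") or "").split("\t") if p.strip()]
    return {
        "lockout_values_set": bool(threshold and threshold > 0 and duration and duration > 0),
        "threshold_5_or_fewer": threshold is not None and 0 < threshold <= MAX_THRESHOLD,
        "custom_banned_list": banned_on and len(banned) > 0,
    }


def failed_criteria(setting):
    """Names of criteria that do not hold, in a stable order."""
    return [name for name, ok in evaluate(setting).items() if not ok]


def _sample(threshold, duration, banned_on, banned_list):
    """Build a constructed settings object for the demo."""
    pairs = {"LockoutThreshold": threshold, "LockoutDurationInSeconds": duration,
             "EnableBannedPasswordCheck": banned_on, "BannedPasswordList": banned_list}
    return {"values": [{"name": k, "value": v} for k, v in pairs.items()]}


# Constructed samples: a weak configuration beside a compliant one.
WEAK = _sample("10", "60", "False", "")
HARDENED = _sample("5", "60", "True", "contoso\tcontoso2024")
INCOMPLETE = {"values": [{"name": "LockoutThreshold", "value": "abc"}]}

if __name__ == "__main__":
    for label, s in (("weak", WEAK), ("hardened", HARDENED), ("incomplete", INCOMPLETE)):
        print(label, failed_criteria(s) or "compliant")
```

A missing or malformed value is treated as a failure rather than skipped, so an incomplete export cannot pass as compliant.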
Enforcement
Default Mode: Advisory
Alerts on deviations but does not make changes
Auto-Remediation: Manual Only
Requires Entra ID admin access to configure authentication methods