ID-05: Configure Smart Lockout Protection

Frequently asked questions about implementing and managing the ID-05 security control in Microsoft 365 and Entra ID.

Q
What is ID-05 (Configure Smart Lockout Protection)?
A

ID-05 is a security control that password spray attacks try common passwords across many accounts. smart lockout detects these patterns and blocks attackers while allowing legitimate users to authenticate. weak settings leave you vulnerable. It requires that smart lockout is enabled with appropriate thresholds and lockout threshold is 5 or fewer failed attempts, custom banned password list is configured.

Related controls:ID-05
Q
Why is Configure Smart Lockout Protection important for Microsoft 365 security?
A

Password spray attacks try common passwords across many accounts. Smart lockout detects these patterns and blocks attackers while allowing legitimate users to authenticate. Weak settings leave you vulnerable.

Related controls:ID-05
Q
How do I implement ID-05 in my tenant?
A

ID-05 requires manual implementation. Requires Entra ID admin access to configure authentication methods

Related controls:ID-05
Q
What license do I need for ID-05?
A

This control can be implemented with any Microsoft 365 subscription, including free Azure AD.

Related controls:ID-05
Q
Which security baseline includes ID-05?
A

ID-05 is included in the TrueConfig Recommended Secure baseline (Level 1). This is the foundation level suitable for most organizations.

Related controls:ID-05

5

Questions

1

Related Controls

Categorized

Related Resources

ID-05 Control Reference

Detailed documentation and implementation guidance

Identity & Authentication Controls

All controls in the Identity & Authentication category

Security Glossary

Definitions of security and Microsoft 365 terms

Still have questions?

Our security experts are here to help. Start a free trial and get personalized guidance for your Microsoft 365 environment.

Start Free Trial
All FAQsBrowse Controls →