ID-05Moderate

How to Fix: Configure Smart Lockout Protection

Step-by-step guide to implement configure smart lockout protection in your Microsoft 365 environment.

20-30 minutes

Estimated Time

4

Steps

high

Severity

Recommended Secure

Baseline Level

Why This Matters

Password spray attacks try common passwords across many accounts. Smart lockout detects these patterns and blocks attackers while allowing legitimate users to authenticate. Weak settings leave you vulnerable.

Prerequisites

  • 1Global Administrator or appropriate admin role in Microsoft Entra ID
  • 2Access to Microsoft Entra admin center (entra.microsoft.com)

Expected Configuration

  • Smart lockout is enabled with appropriate thresholds
  • Lockout threshold is 5 or fewer failed attempts
  • Custom banned password list is configured

Remediation Steps

1

Assess Current Identity Configuration

Review your current identity settings in Microsoft Entra ID.

  • Navigate to Microsoft Entra admin center
  • Go to Identity > Users or relevant section
  • Review current configuration
2

Plan Required Changes

Determine what modifications are needed.

  • Compare current state to expected configuration
  • Identify affected users or groups
  • Plan rollout strategy
3

Apply Configuration

Implement the required identity configuration changes.

  • Update relevant settings
  • Configure policies as needed
  • Apply changes to affected scope
4

Validate Changes

Confirm the configuration meets requirements.

  • Run TrueConfig scan
  • Verify expected behavior
  • Monitor for any issues

Related Resources

Control Reference

Full control documentation

FAQ

Common questions answered

Full Guide

Detailed implementation guide

Identity & Authentication Controls

Related security controls

Automate Your Security Configuration

TrueConfig continuously monitors your Microsoft 365 environment and can automatically fix configuration drift. Start your free trial today.

Start Free Trial
← All ControlsView Control Details →