Widespread Microsoft Entra lockouts tied to new security feature rollout

In a Reddit thread posted early this morning, Windows admins reported receiving multiple alerts from Entra indicating that some of their user accounts had been found with credentials leaked on the dark web or other locations. Windows administrators from numerous organizations report widespread account lockouts triggered by false positives in the rollout of a new Microsoft Entra ID's "leaked credentials" detection app called MACE. MACE Credential Revocation app is a Microsoft Entra feature used to detect leaked credentials and lockout potentially compromised accounts. These alerts and lockouts began last night, with some admins believing they were false positives as the accounts have unique passwords that are not used on any other sites or applications. Microsoft Entra ID, formerly Azure Active Directory, is a cloud-based identity and access management service that helps organizations manage user identities and secure access to resources. While all alerts of leaked credentials should be investigated to confirm that an account was not compromised, if you received a flurry of alerts at once this rollout likely caused it.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Sat, 19 Apr 2025 22:05:12 +0000

Cyber News related to Widespread Microsoft Entra lockouts tied to new security feature rollout

Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
1 year ago Microsoft.com

How to manage a migration to Microsoft Entra ID - Microsoft Entra ID, formerly Azure Active Directory, is not a direct replacement for on-premises Active Directory due to feature gaps and alternative ways to perform similar identity and access management tasks. For some organizations, a move to ...
1 year ago Techtarget.com

How to secure on-prem apps with Entra Application Proxy - If your internal web applications are still internet-facing, then it's time to move away from turning your firewall into Swiss cheese just to externalize apps for your users. To reduce the attack surface, a traditional method, such as a VPN, has its ...
1 year ago Techtarget.com

New Microsoft Incident Response guides help security teams analyze suspicious activity - Today Microsoft Incident Response are proud to introduce two one-page guides to help security teams investigate suspicious activity in Microsoft 365 and Microsoft Entra. These guides contain the artifacts that Microsoft Incident Response hunts for ...
1 year ago Microsoft.com

Microsoft Addresses Entra ID Token Logging Issue, Alerts to Protect Users - Microsoft has acknowledged a recent issue that triggered widespread alerts in its Entra ID Protection system, flagging user accounts as high risk due to supposed credential leaks on the dark web. The alerts have been attributed to a combination of an ...
1 month ago Cybersecuritynews.com

Widespread Microsoft Entra lockouts tied to new security feature rollout - In a Reddit thread posted early this morning, Windows admins reported receiving multiple alerts from Entra indicating that some of their user accounts had been found with credentials leaked on the dark web or other locations. Windows administrators ...
1 month ago Bleepingcomputer.com

Microsoft Entra account lockouts caused by user token logging mishap - However, an admin for one of the impacted organizations shared an advisory sent by Microsoft stating that the issue was caused by the company mistakenly logging the impacted account's user refresh tokens rather than just their metadata. "On Friday ...
1 month ago Bleepingcomputer.com

Microsoft Breach - How Can I See This In BloodHound? - On January 25, 2024, Microsoft announced Russia's foreign intelligence service breached their corporate EntraID environment. We reviewed the information Microsoft's team provided in their post which contained details significant enough to explain ...
1 year ago Securityboulevard.com

Microsoft Security Copilot improves speed and efficiency for security and IT teams - First announced in March 2023, Microsoft Security Copilot-Microsoft's first generative AI security product-has sparked major interest. With the rapid innovations of Security Copilot, we have taken this solution beyond security operations use cases ...
1 year ago Microsoft.com

Microsoft will roll out MFA-enforcing policies for admin portal access - Microsoft will soon start rolling out Conditional Access policies requiring multifactor authentication from administrators when signing into Microsoft admin portals such as Microsoft Entra, Microsoft 365, Exchange, and Azure. The company will also ...
1 year ago Bleepingcomputer.com

"Microsoft’s Secure Future Initiative" Biggest cybersecurity Project in Its History - Led by Charlie Bell, Executive Vice President of Microsoft Security, the initiative has mobilized the equivalent of 34,000 engineers working full-time for 11 months to bolster security for Microsoft, its customers, and the broader industry. Following ...
1 month ago Cybersecuritynews.com

Iranian Hackers Developed a New Backdoor to Hack Windows - Peach Sandstorm, an Iranian Hackers group, targets diverse sectors globally, and this group is linked to:-. Using password spray campaigns, Peach Sandstorm exhibits opportunistic behavior, with a history of relying on this tactic. This custom ...
1 year ago Cybersecuritynews.com

Microsoft fixes Entra ID authentication issue caused by DNS change - "Between 17:18 UTC and 18:35 UTC on 25 February 2025, customers attempting to authenticate with Microsoft Entra ID using the Seamless SSO and Microsoft Entra Connect Sync features may have experienced DNS resolution failures when trying to access ...
3 months ago Bleepingcomputer.com

5 ways to secure identity and access for 2024 - 1 This increase is due in part to the rise of generative AI and large language models, which bring new opportunities and challenges for security professionals while affecting what we must do to secure access effectively. Learn how unified multicloud ...
1 year ago Microsoft.com

Microsoft named as a Leader in three IDC MarketScapes for Modern Endpoint Security 2024 - With these security concerns top of mind, there is no surprise that in the last five years, the Modern Endpoint Security market has nearly tripled in size to defend against emerging, sophisticated, and persistent threats. Microsoft Defender for ...
1 year ago Techcommunity.microsoft.com

How Strata Identity and Microsoft Entra ID solve identity challenges in mergers and acquisitions - In particular, there is an immediate and profound impact on the identity and access management postures of both companies. While most combined organizations aspire to eventually consolidate their identity systems, this is a challenging and ...
1 year ago Microsoft.com

Microsoft Boosts MSA Signing Service Security on Azure Following Storm-0558 Breach - “We have applied new defense-in-depth protections, migrated the Microsoft Account (MSA) signing service to run on Azure confidential VMs, and we are migrating the Entra ID signing service to Azure confidential VMs,” states the report, ...
1 month ago Cybersecuritynews.com

Attackers Exploit Microsoft Security-Bypass Zero-Day Bugs - Microsoft's scheduled Patch Tuesday security update for February includes fixes for two zero-day security vulnerabilities under active attack, plus 71 other flaws across a wide range of its products. In all, five of the vulnerabilities for which ...
1 year ago Darkreading.com CVE-2024-21412 CVE-2024-21351 CVE-2024-21410 CVE-2024-21413

Generative AI Takes on SIEM - With more vendors adding support for generative AI to their platforms and products, life for security analysts seems to be getting deceptively easier. While adding generative AI capabilities to security information and event management is still in ...
1 year ago Darkreading.com

Microsoft Entra ID DNS Resolution Failures Results in Authentication Issues - Organizations should configure Azure Service Health alerts for real-time incident updates and review filtering rules in Entra Connect Sync to minimize blast radius during future outages. This domain facilitates the silent Kerberos ticket exchange ...
3 months ago Cybersecuritynews.com

Microsoft to start enforcing Azure multi-factor authentication in July - Starting in July, Microsoft will begin gradually enforcing multi-factor authentication for all users signing into Azure to administer resources. After first completing the rollout for the Azure portal, the MFA enforcement will see a similar rollout ...
1 year ago Bleepingcomputer.com Black Basta

Microsoft Copilot for Security: General Availability details - To help you seize this opportunity, we are excited to announce the general availability of Microsoft Copilot for Security on April 1st. This industry-leading product is the only generative AI solution that helps security and IT professionals amplify ...
1 year ago Techcommunity.microsoft.com

Microsoft's 'Copilot for Security' brings generative AI to the frontlines of cybersecurity - Microsoft announced today that Copilot for Security, a generative AI-powered platform designed to assist security professionals in combating the ever-evolving cyberthreat landscape, will be generally available worldwide starting April 1st. The launch ...
1 year ago Venturebeat.com

Microsoft: Hackers steal emails in device code phishing attacks - "The invitations lure the user into completing a device code authentication request emulating the experience of the messaging service, which provides Storm-2372 initial access to victim accounts and enables Graph API data collection activities, such ...
3 months ago Bleepingcomputer.com

Microsoft links recent Microsoft 365 outage to buggy update - While Microsoft resolved the Microsoft 365 authentication problems over the weekend, another advisory published on the admin center states that Exchange Online users still have issues accessing their calendar entries and email messages using the iOS ...
2 months ago Bleepingcomputer.com