We had several users this morning whose o365 accounts were locked. Upon inspection we determined that brute force attacks had caused OWA to autolock the accounts. Unfortunately, this also locks the accounts in A.D., so it is a kind of DOS attack. We unlocked the affected accounts, but the locks eventually were reasserted. Talking with MS support there appears to be no easy defense against this kind of attack unless you’re able to whitelist specific public IP addresses for OWA users. We can’t, as OWA typically is used by traveling staff coming from arbitrary public IPs. We are looking into Geo filtering as a mitigating measure. However, the attacks all seem to be originating from the Google Cloud. Perhaps we can implement conditional access policies to add more protection. We have three-factor authentication, and no MFA challenges occurred, so we’re confident the attackers didn’t have any usable passwords. I just checked the status portal link you provided, and I can confirm that that doesn’t load for us either. Right now we don’t have any locked accounts, and users seem to be able to access normally. -mel via cell On Nov 15, 2024, at 6:47 AM, Bruce Freshwater via Outages <outages@outages.org> wrote: Any aware of any ongoing issues with o365? I can't get the page to download the desktop version of o365 apps to load. A user changed his password and can login to o365 on the web, but outlook/onenote/etc. on his desktop won't sign him in, they just load indefinitely after he enters his new password. Teams and Onedrive are working for him though. Also Status page isn’t loading fully: https://portal.office.com/servicestatus Regards, Bruce Freshwater Direct: 412.722.1701 Mobile: 412.292.0282 Main: 866.707.5869 Fax: 412.774.2469 Email: BFreshwater@SierraExperts.com<mailto:BFreshwater@SierraExperts.com> Request Help: Support Portal (SIM)<sim.sierraincidentmanager.com> Sierra Experts <image001.png> 2 Robinson Plaza, Suite 300, Pittsburgh, PA 15205-1017 Our Services: Managed Services<http://www.sierraexperts.com/managed-services/> | Development & Design<https://www.sierraexperts.com/software-development/> | Telephony & VoIP<http://www.sierraexperts.com/telephony-and-voip/> | Hardware & Software<http://www.sierraexperts.com/hardware-and-software/> | Data Center<http://sierradatacenters.com/> Stay Connected: Website<http://www.sierraexperts.com/> | Awards<https://www.sierraexperts.com/about-us/> | Facebook<https://www.facebook.com/SierraExperts> | X<https://twitter.com/sierraexperts> | LinkedIn<https://www.linkedin.com/company/sierra-w-o-wires> | Blog<http://www.sierraexperts.com/about-us/blog/> <image002.png> <https://www.sierraexperts.com/2024-top-managed-service-provider/?utm_source=outlook&utm_medium=email&utm_campaign=press-release&utm_content=2024-channel-futures-msp-501> <image003.png> _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
