Default Settings - Password Rule Settings - Smart Lockout - Lockout threshold

Why This Matters

Smart lockout protects your organization from brute force attacks by locking out accounts after repeated failed sign-in attempts. If the lockout threshold is set too high, attackers have more opportunities to guess passwords before the account is temporarily blocked. A lower threshold reduces the risk of successful credential guessing while still allowing legitimate users a reasonable number of retries.

What Aether365 Checks

Aether365 verifies that the smart lockout threshold in Microsoft Entra ID is set to a value of 10 or fewer failed attempts. This check appears in the Aether365 dashboard under entra-id checks and ensures your smart lockout configuration aligns with security best practices.

How to Fix

To remediate this issue, configure the smart lockout threshold in Microsoft Entra ID to a value no greater than 10.

Microsoft references