What are the Azure MFA account lockout settings?

Tags mfa azure-mfa

Overview

Warning: Users can block access to their own accounts separate from the lockout settings below. An explicit Azure MFA block will be set for 90 days and must be administratively unblocked.

Accounts in Azure AD that have Azure Multi-Factor Authentication (MFA) enabled, are subject to these Azure MFA Account Lockout settings:

  • Number of MFA denials to trigger account lockout: 3 denials
  • Minutes until account lockout counter is reset: 5 minutes
  • Minutes until account is automatically unblocked: 15 minutes

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#account-lockout

Note: This setting does not affect Duo MFA protected accounts.

 

Details

Article ID: 1770
Created
Fri 11/20/20 11:25 AM
Modified
Thu 7/28/22 11:01 AM