What are the Azure MFA account lockout settings?

Tags mfa azure-mfa


Warning: Users can block access to their own accounts separate from the lockout settings below. An explicit Azure MFA block will be set for 90 days and must be administratively unblocked.

Accounts in Azure AD that have Azure Multi-Factor Authentication (MFA) enabled, are subject to these Azure MFA Account Lockout settings:

  • Number of MFA denials to trigger account lockout: 3 denials
  • Minutes until account lockout counter is reset: 5 minutes
  • Minutes until account is automatically unblocked: 15 minutes


Note: This setting does not affect Duo MFA protected accounts.



Article ID: 1770
Fri 11/20/20 11:25 AM
Thu 7/28/22 11:01 AM