问题描述

嘿，我一直在最艰难的时期内找到一些有关Azure AD Smart Lockout问题的答案，我希望有人对此有所了解.我正在寻求从ADFS转移到PTA，但是对于智能锁定以及如何解决仍存在一些悬而未决的问题 它起作用.

• 具有Prem DirSync的O365的基本Azure AD(无法使用此功能修改智能锁定-10次失败的登录尝试-60
• 内部密码策略设置为高于上述阈值.

下一次失败的登录尝试后的计算结果是什么? (Microsoft不提供这种增加，只是增加了锁定后每次失败尝试后的持续时间)

锁定持续时间的增加在什么时候达到最大值，那是什么值?

您如何解锁通过Smart Lockout锁定的帐户?有效的本地登录到O365会解锁该帐户并重置Smart Lockout的锁定计数器吗?

是否在运行PTA代理的DC或服务器中的任何地方记录了错误的登录尝试? (据我所知，基本的Azure AD没有可用于智能锁定的审核.)

如果在某个可见的地方登录，是否有可能阻止IP甚至尝试尝试登录?

Hey all, I've been having the hardest time find answers to some Azure AD Smart Lockout questions and I'm hoping someone has some experience with it.  I'm looking to move away from ADFS to PTA but there are lingering questions about Smart Lockout and how it functions.

• Basic Azure AD from O365 with on prem DirSync (Smart Lockout can't be modified with this - 10 failed login attempts - 60 second lockout.)
• On premise password policy is set higher than the thresholds above.

What is the calculation after the next failed login attempt? (Microsoft does not supply the increase, just that it does increase the duration after each failed attempt after lockout) 

At what point does the increase in lockout duration meet a maximum value and what is that value?

How do you unlock an account that's locked out via Smart Lockout?  Will a valid on-premise login to O365 unlock the account and reset the lockout counters for Smart Lockout?

Are bad login attempts logged anywhere in a DC or server running the PTA agent? (Basic Azure AD does not have auditing available for Smart Lockout that I know of.)

Is it possible, if logged somewhere visible, to block an IP from even being able to try to attempt a login?

这篇关于Azure AD智能锁定的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！