Widespread Microsoft Entra lockouts tied to new security feature rollout www.bleepingcomputer.com/news/micr…

Windows administrators from numerous organizations report widespread account lockouts triggered by false positives in the rollout of a new Microsoft Entra ID’s “leaked credentials” detection app called MACE. These alerts and lockouts began last night, with some admins believing they were false positives as the accounts have unique passwords that are not used on any other sites or applications. Microsoft Entra ID, formerly Azure Active Directory, is a cloud-based identity and access management service that helps organizations manage user identities and secure access to resources. In a Reddit thread posted early this morning, Windows admins reported receiving multiple alerts from Entra indicating that some of their user accounts had been found with credentials leaked on the dark web or other locations. These accounts were automatically locked out of the tenant, with numerous users impacted per organization. “Us as well… about 1/3rd of our accounts got locked out about ~1 hour ago. We’re a MSP so I’m assuming this is happening to our clients as well,” posted an admin on Reddit. The locked-out accounts showed no signs of compromise, such as suspicious sign-ins, and were protected with MFA. Furthermore, breach notification services like Have I Been Pwned (HIBP) had no matches for these accounts.​