IAM Event - Account Locked

Event

Account locks.

The IAM Event - Account Locked event occurs when a user (or more commonly a hacker or bot) attempts to log in to the account repeatedly in rapid succession. Microsoft then locks the account.

IMPORTANT This kind of lock does not show in the admin portal. The lock is based on the account ID and the IP location it is being attempted from. In most cases, the account user is unaware of this event as it does not affect their active session.

The account is automatically unlocked after 15 minutes. If the hacker or bot tries again and re-locks the account, SaaS Alerts tracks that activity. If the account is locked by this repeated action more than three times within 12 hours, SaaS Alerts creates an IAM Event - Multiple Account Locks alert.

Recommended action

Contact the customer or user and make them aware of this event. Confirm if the user has been able to gain access to their SaaS application. For some applications, this action only occurs when triggered by an administrator.

Alert type

Alert

More resources

Microsoft account locks information

VIDEO SaaS Alerts account locks video

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!