Widespread Microsoft Entra Lockouts: A False Positive Alert or a Real Security Concern?
In a recent development, Windows administrators from various organizations have reported widespread account lockouts triggered by false positives during the rollout of a new Microsoft Entra ID “leaked credentials” detection app called MACE. The alerts have left many administrators scratching their heads, wondering whether their accounts have been compromised or whether it’s just a glitch.
What is MACE?
MACE is a Microsoft Entra feature used to detect leaked credentials and lock out potentially compromised accounts. It’s designed to help organizations manage user identities and secure access to resources. However, in this case, it appears that MACE has malfunctioned, causing widespread lockouts without any signs of compromise.
The Lockouts
The lockouts began last night, with some admins reporting that their accounts were automatically locked out of the tenant. The affected accounts showed no signs of compromise, such as suspicious sign-ins, and were protected with MFA. Furthermore, breach notification services like Have I Been Pwned (HIBP) had no matches for these accounts.
The Cause
While Microsoft has not publicly confirmed the cause of these lockouts, an engineer from one of the affected organizations reported that it was caused by an issue with the rollout of a new Enterprise application called “MACE Credential Revocation.” This application was added to tenants right before they began receiving the alerts.
What to Do
If you received a flurry of alerts at once, it’s likely that this rollout caused them. While all alerts of leaked credentials should be investigated to confirm that an account was not compromised, it’s essential not to panic. Microsoft has not responded to our inquiry about this incident, but it’s likely that they will provide more information soon.
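The triage described above, as an added example that is not Microsoft's or this article's code: it groups leaked-credential detections into users who also carry another risk signal, users caught in a simultaneous burst, and isolated hits. Records use the Microsoft Graph riskDetection property names `riskEventType`, `detectedDateTime` and `userPrincipalName`; the thresholds, bucket names and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds (not from the article): tune to tenant size.
BURST_WINDOW = timedelta(minutes=30)
BURST_MIN_USERS = 5

def parse_ts(value):
    # Graph timestamps are ISO 8601 UTC, e.g. 2025-01-01T02:10:00Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def triage(detections):
    """Bucket users with a leakedCredentials detection by how to prioritise them."""
    leaked, other = defaultdict(list), defaultdict(set)
    for d in detections:
        user = d["userPrincipalName"].lower()
        if d["riskEventType"] == "leakedCredentials":
            leaked[user].append(parse_ts(d["detectedDateTime"]))
        else:
            other[user].add(d["riskEventType"])
    # Sliding window over each user's first leaked-credential detection:
    # many distinct users flagged within one window is the "flurry at once".
    events = sorted((min(ts), user) for user, ts in leaked.items())
    in_burst, start = set(), 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > BURST_WINDOW:
            start += 1
        if end - start + 1 >= BURST_MIN_USERS:
            in_burst.update(u for _, u in events[start:end + 1])
    result = {"investigate_first": [], "likely_rollout_burst": [], "isolated": []}
    for user in sorted(leaked):
        if other[user]:                  # any other risk signal outranks the burst
            key = "investigate_first"
        elif user in in_burst:
            key = "likely_rollout_burst"
        else:
            key = "isolated"
        result[key].append(user)
    return result

# Constructed sample records (not real tenant data).
def _d(upn, kind, ts):
    return {"userPrincipalName": upn, "riskEventType": kind, "detectedDateTime": ts}

SAMPLE = [_d(f"user{i}@example.test", "leakedCredentials", f"2025-01-01T02:1{i}:00Z")
          for i in range(5)] + [
    _d("user2@example.test", "unfamiliarFeatures", "2025-01-01T01:55:00Z"),
    _d("user9@example.test", "leakedCredentials", "2024-12-20T09:00:00Z"),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The burst bucket only orders the queue: accounts in it still need the same confirmation that no compromise occurred, just after the ones that show a second risk signal.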
Actionable Insights
- Be cautious of false positive alerts, especially when it comes to sensitive information like leaked credentials.
- Verify the authenticity of alerts and investigate them thoroughly before taking action.
- Keep your software and applications up to date to minimize the risk of errors and malfunctions.
- Consider implementing additional security measures, such as multi-factor authentication, to enhance your organization’s security posture.
Conclusion
The recent widespread Microsoft Entra lockouts have left many administrators wondering whether their accounts have been compromised or whether it’s just a glitch. While the cause of the lockouts is still unclear, it’s essential not to panic. By verifying the authenticity of alerts and investigating them thoroughly, you can minimize the risk of errors and malfunctions. Remember to keep your software and applications up to date and consider implementing additional security measures to enhance your organization’s security posture.