- Some Entra ID accounts were being flagged as having actually jeopardized qualifications
- Appears it was simply Microsoft “accidentally generat[ing] [false] informs”
- Users were getting various descriptions from Microsoft
Windows administrators have actually been reporting mass account lockouts throughout numerous companies following a Microsoft Entra ID upgrade.
Numerous think these were incorrect positives set off in Entra ID’s brand-new dripped qualifications detection app (a brand-new function called MACE Credential Revocation), as impacted accounts had special and unused passwords.
One user published to a Reddit thread that around half a lots accounts had actually been obstructed after qualifications were allegedly discovered on the dark web, nevertheless those users didn’t have much in typical, recommending that it wasn’t a targeted attack.
Entra ID may be flagging incorrect positives
“There are no dangerous signins, no other danger detections, everybody is MFA, it’s actually the only thing that’s appeared today, raising the threat on these individuals from no to high,” the Reddit user discussed.
Below the initial post is a series of remarks from other system admins who likewise experienced comparable concerns, with one user sharing a reaction from Microsoft recommending that the accounts had actually been incorrectly flagged:
“On Friday 4/18/25, Microsoft determined that it was internally logging a subset of brief user revitalize tokens for a little portion of users, whereas our basic logging procedure is to just log metadata about such tokens. The internal logging problem was right away remedied, and the group carried out a treatment to revoke these tokens to safeguard clients.”
The notification sees Microsoft confess to “accidentally generat[ing] signals in Entra ID Protection” of expected jeopardized qualifications in between 4AM UTC and 9AM UTC on April 20.
Another user stated they were estimated “Error Code: 53003” for conditional gain access to policy, while another was informed that it was to do with an interruption in their area– although no interruption had actually been reported or logged.
TechRadar Pro has actually asked Microsoft to clarify what took place over the weekend and why users appear to have actually gotten various descriptions. Any upgrade will be published here.
You may likewise like
- Significant TalkTalk Business blackout indicates consumers have actually needed to go without e-mail for over a week
- Keep your account safe with the best password supervisors
- We’ve noted the best identity management software application
