Possible causes of O365 authentications failures:

https://blogs.technet.microsoft.com/abizerh/2015/06/01/possible-causes-of-authentications-failures-for-federated-users-in-office-365/

 

ADFS account lockouts:

https://community.spiceworks.com/topic/673038-continuous-account-lockouts-from-adfs

https://blogs.technet.microsoft.com/pie/2016/02/02/ad-fun-services-track-down-the-source-of-adfs-lockouts/

 

Protecting against DDOS and accounts lockouts:

https://blogs.technet.microsoft.com/rmilne/2014/05/05/enabling-adfs-2012-r2-extranet-lockout-protection/

https://blogs.msdn.microsoft.com/luzhao1/2015/06/24/demystify-extranet-lockout-feature-in-ad-fs-3-0/

http://www.frickelsoft.net/blog/?p=322

AD FS Extranet Lockout: a case of the unintended pun

The threshold for Extranet Lockout Protection should be configured to be lower than the Lockout settings in Windows AD, so ADFS can stop trying to log on before it’s too late

Warning: the availability of the PDC is mandatory for WAP (proxy)-based authentications: look this article for more details: https://websetnet.com/fr/adfs-extranet-lockout-pdc-requirement/

ADFS attacks (video): https://www.youtube.com/watch?v=oTyLdAUjw30

 

 

 

Advertisements