Widespread Microsoft Entra lockouts tied to new security feature rollout

Windows administrators from numerous organizations report widespread account lockouts triggered by false positives in the rollout of a new Microsoft Entra ID's "leaked credentials" detection app called MACE. These alerts and lockouts began last night, with some admins believing they were false positives as the accounts have unique passwords that are not used on any other sites or applications. Microsoft Entra ID, formerly Azure Active Directory, is a cloud-based identity and access management service that helps organizations manage user identities and secure access to resources. In a Reddit thread posted early this morning, Windows admins reported receiving multiple alerts from Entra indicating that some of their user accounts had been found with credentials leaked on the dark web or other locations. These accounts were automatically locked out of the tenant, with numerous users impacted per organization. "Us as well... about 1/3rd of our accounts got locked out about ~1 hour ago. ... Read full article.