none
Microsoft IPs Source of ADFS Logon Failures Causing Account Lockout RRS feed

  • Question

  • Reports this morning came in that a strange number of AD user accounts were locked out. Skipping all the diagnosis, it was tracked down to our ADFS server and specifically sourced from ADFS Proxy (outside facing). Firewall logs indicate that while ADFS Proxy policy is enabled, the only IP addresses talking to the ADFS Proxy are all owned by Microsoft as per ARIN. Disabling the policy results in ADFS system not logging failed authentication so the source must be coming from those Microsoft addresses. We do not sync our passwords up to Office 365, thus we use ADFS. Anyway, how do I go about finding out how to stop this traffic at the source? I don't believe it has anything to do with our Office 365 services but have no way of knowing. Any ideas, suggestions? Thanks in advance.
    Friday, January 11, 2019 5:21 PM

All replies

  • Hi Peter,

    This forum focuses on general discussion for Office 365 ProPlus which is the Office desktop applications. I notice your issue is related to ADFS and Office 365 services authentications. To better fix the issue, I suggest you can ask a question in Office 365 for Admins forum for more discussion:

    https://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365Admin-mso_dep365-mso_o365b

    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.

    Best Regards,
    Winnie Liang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact: tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Office 2019.

    Monday, January 14, 2019 10:22 AM