If you were forced to change your Microsoft password over the Easter Weekend, you weren’t alone.
There have been a significant number of Microsoft Account Password Resets for ‘suspicious activity’
There are numerous posts around the internet suggesting this is a widespread phenomenon. Some organisations have had more occurrences than others.
From what we are reading online, there is no discernible pattern. Both large and small organisations are affected, including tenants managed by partners and those with direct payments to Microsoft.
Organisations from all over the world, with a range of 365 licenses from Business Basic up to Enterprise E5, and licenses with and without Conditional Access are impacted.
Our observations match those of other IT partners. The login message suggests that there is suspicious activity in the account. The Microsoft password might have leaked in the dark web, although dark web scans find no evidence of that.
While Microsoft has not publicly confirmed the cause of these lockouts, Microsoft told one of the affected organisations it was caused by an issue with the rollout of a new Enterprise application called “MACE Credential Revocation.” This seems to be a new Microsoft tool that is used to detect leaked credentials and lockout potentially compromised accounts. For some reason, it has been pushed out fairly broadly around the world, over the long Easter Weekend.
We believe that we have identified all clients and users that have been impacted and are working through these, resetting passwords and offering support. Our support desk is pre-warned ahead of people returning to work on Tuesday after the long weekend.