I have several user accounts, some actual users and a few shared mailboxes, that have been getting hammered with login attempts from China for the past week. A few of these users have started to get regularly locked out and frustrated.
I have conditional access enabled and I am blocking access from everywhere but the United States, but it isn't stopping this attack at all. I also have MFA enabled for one of these accounts, and it's not stopping the login attempts, or the account from getting blocked.
I have contacted Office 365 support twice and their answer the first time was to open a ticket with Azure AD support, and not to worry about shared mailboxes because they can't be logged into. The second support call ended with the manager telling me again to open a ticket with Azure AD support, and to open some kind of Azure trial to get access to support.
I'm disgusted that MS holds security support behind a paywall and that regular support makes excuses instead of offering real assistance.
What's the point of conditional access if it lets users in blocked countries hammer away at our tenant until they are able to guess a password? Same thing with MFA, why isn't this blocked outright instead of blocking my user?
Has anyone successfully stopped these types of attacks?