Several of my Exchange online accounts are subject to frequent login attempts by various means. Recently I have a bunch of attempts
using IMAP from foreign countries. IMAP is disabled for that account, but SMTP is allowed (for the time being until I can test my third party SMTP tonight). We we have one CA policy which applies which blocks login from foreign country. When I test using
the What If tool these foreign logins using IMAP are indeed blocked. But yet the user account is getting locked and the logs show multiple breakin attempts. What is going on? Shouldn't the CA policy and IMAP restriction prevent the login attempt
from the first place, or will the log continue to grow with failed logins from IMAP while locking the account? I confirmed in PowerShell that IMAP is indeed disabled for this account. Every few minutes I see in the logs a sign in error code
50053 (account locked).
↧