Default Settings - Password Rule Settings - Smart Lockout - Lockout duration in seconds
The minimum length in seconds of each lockout. If an account locks repeatedly, this duration increases.
| Name | LockoutDurationInSeconds |
| Control | Default Settings - Password Rule Settings |
| Description | Define the password protection and Smart Lockout configurations that can be used to customize the tenant-wide and object-specific restrictions and allowed behavior |
| Severity | High |
How to fix
Details of configuration item
| Recommendation | Prevent attacks using smart lockout - Microsoft Entra ID - Microsoft Learn |
| Configuration | settings |
| Setting | `values |
| Recommended Value | is greater than or equal to 60 |
| Default Value | 60 |
| Graph API Docs | directorySetting resource type - Microsoft Graph beta - Microsoft Learn |
MITRE ATT&CK
| Tactic | Technique | Mitigation |
|---|---|---|
| TA0006 - Credential Access | T1110 - Brute Force | M1018 - User Account Management, M1027 - Password Policies |
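
The check described under "Details of configuration item", written out as an added example (not code from the original page or from the tool it documents). It evaluates a constructed response shaped like the Graph beta `settings` collection; matching the object on `displayName`, and treating an absent object or value as the default of 60, are assumptions of this example.

```python
import json

SETTING_NAME = "LockoutDurationInSeconds"
TEMPLATE_NAME = "Password Rule Settings"   # assumption: object matched by displayName
RECOMMENDED_MIN = 60                        # recommended value from the page
DEFAULT_VALUE = 60                          # default value from the page

# Constructed sample, shaped like a directorySetting collection (not real tenant data).
SAMPLE_RESPONSE = json.loads("""
{
  "value": [
    {
      "id": "00000000-0000-0000-0000-000000000001",
      "displayName": "Password Rule Settings",
      "values": [
        {"name": "LockoutThreshold", "value": "10"},
        {"name": "LockoutDurationInSeconds", "value": "30"}
      ]
    }
  ]
}
""")


def lockout_duration(response):
    """Return (seconds, source). Setting values arrive as strings, so convert."""
    for setting in response.get("value", []):
        if setting.get("displayName") != TEMPLATE_NAME:
            continue
        for pair in setting.get("values", []):
            if pair.get("name") == SETTING_NAME:
                return int(pair["value"]), "configured"
    # Assumption: no object or no value means the tenant runs on the default.
    return DEFAULT_VALUE, "default"


def evaluate(response):
    """Compare the effective duration with the recommended minimum."""
    try:
        seconds, source = lockout_duration(response)
    except (KeyError, TypeError, ValueError):
        # A value that cannot be parsed is reported as a failure, not skipped.
        return {"compliant": False, "seconds": None, "source": "unparseable"}
    return {"compliant": seconds >= RECOMMENDED_MIN, "seconds": seconds, "source": source}


if __name__ == "__main__":
    print(evaluate(SAMPLE_RESPONSE))
```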