Glossary
Smart Lockout
An Entra ID feature that locks out brute-force and password-spray attempts against an account while leaving the legitimate user able to sign in.
Smart Lockout in Microsoft Entra ID is the mechanism that locks out attackers attempting credential brute-force or password-spray against an account while leaving its legitimate user able to sign in. Entra counts failed sign-ins per account; after a configurable threshold (10 failed attempts by default in Azure public tenants, with a default lockout duration of 60 seconds that increases if the account keeps being locked) further attempts are rejected until the lockout expires. Repeating the same wrong password does not advance the counter, because the last three bad password hashes are remembered, so a user re-typing one stale password is not pushed toward lockout. Critically, Smart Lockout counts separately for familiar and unfamiliar locations: a user signing in from their usual location is not locked out even while an attacker is spraying the same account from elsewhere. Smart Lockout is always on for every tenant; only the threshold and duration are tunable, and changing them requires a Microsoft Entra ID P1 or higher licence. It does not stop a low-and-slow spray that tries one or two passwords per account across many accounts, since each account stays below the threshold and never locks; that pattern has to be caught by correlating failures per source in the sign-in logs. Combined with Entra ID Password Protection (banning weak passwords) and MFA, Smart Lockout is part of the Entra ID account-protection baseline.
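The following is an added example, not code from the original page or from Microsoft: it runs a password-spray check over constructed Entra sign-in records shaped like Microsoft Graph `signIn` objects (`userPrincipalName`, `ipAddress`, `status.errorCode`, `createdDateTime`). It uses the real error codes 50126 (invalid username or password) and 50053 (account locked), but the sample records, the source addresses, the `min_accounts` cut-off and the one-hour window are assumptions chosen for illustration. The point it shows is the caveat above: a spray that touches many accounts with one or two guesses each never trips Smart Lockout (no 50053 ever appears for it), whereas a single-account brute force does, so detection has to pivot on the source rather than on the lockout event.

```python
"""Password-spray detection over Entra ID sign-in records (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

ERR_INVALID_PASSWORD = 50126   # AADSTS50126: invalid username or password
ERR_ACCOUNT_LOCKED = 50053     # AADSTS50053: account locked (IdsLocked)
SMART_LOCKOUT_THRESHOLD = 10   # Entra default threshold, Azure public tenants


def _rec(ts, upn, ip, code):
    """One record in the shape of a Graph signIn object (constructed)."""
    return {"createdDateTime": ts.isoformat(), "userPrincipalName": upn,
            "ipAddress": ip, "status": {"errorCode": code}}


def build_sample_signins():
    """Constructed sample log: a spray, a brute force and a clumsy real user."""
    base = datetime(2024, 5, 1, 8, 0, tzinfo=timezone.utc)
    recs = []
    # Spray (assumed source 203.0.113.7): 12 accounts, two guesses each,
    # spread over 40 minutes. Every account stays far below the threshold.
    for i in range(12):
        user = f"user{i:02d}@contoso.example"
        recs.append(_rec(base + timedelta(minutes=i), user, "203.0.113.7", ERR_INVALID_PASSWORD))
        recs.append(_rec(base + timedelta(minutes=30 + i), user, "203.0.113.7", ERR_INVALID_PASSWORD))
    # Brute force (assumed source 192.0.2.9): 12 guesses at one account in a
    # minute. After the tenth failure Entra answers with the lockout error.
    for i in range(12):
        code = ERR_INVALID_PASSWORD if i < SMART_LOCKOUT_THRESHOLD else ERR_ACCOUNT_LOCKED
        recs.append(_rec(base + timedelta(seconds=5 * i), "bob@contoso.example", "192.0.2.9", code))
    # Legitimate user: three typos, then success (errorCode 0).
    for i in range(3):
        recs.append(_rec(base + timedelta(minutes=2, seconds=20 * i),
                         "alice@contoso.example", "198.51.100.4", ERR_INVALID_PASSWORD))
    recs.append(_rec(base + timedelta(minutes=3), "alice@contoso.example", "198.51.100.4", 0))
    return sorted(recs, key=lambda r: r["createdDateTime"])


def _ts(rec):
    return datetime.fromisoformat(rec["createdDateTime"])


def detect_password_spray(records, window=timedelta(minutes=60),
                          min_accounts=5, threshold=SMART_LOCKOUT_THRESHOLD):
    """Flag source IPs that fail passwords against many distinct accounts
    inside the window. `min_accounts` is an assumed tuning knob."""
    times = [_ts(r) for r in records]
    cutoff = max(times) - window
    per_ip = defaultdict(lambda: defaultdict(int))   # ip -> user -> failures
    for rec, t in zip(records, times):
        if t < cutoff or rec["status"]["errorCode"] != ERR_INVALID_PASSWORD:
            continue
        per_ip[rec["ipAddress"]][rec["userPrincipalName"]] += 1
    alerts = []
    for ip, users in per_ip.items():
        if len(users) < min_accounts:
            continue
        worst = max(users.values())
        alerts.append({
            "ip": ip,
            "distinct_accounts": len(users),
            "failed_attempts": sum(users.values()),
            "max_per_account": worst,
            # True means Smart Lockout alone would never have fired for this source.
            "under_lockout_threshold": worst < threshold,
        })
    return sorted(alerts, key=lambda a: -a["distinct_accounts"])


def locked_accounts(records):
    """Accounts for which Entra returned the lockout error at least once."""
    return sorted({r["userPrincipalName"] for r in records
                   if r["status"]["errorCode"] == ERR_ACCOUNT_LOCKED})


if __name__ == "__main__":
    recs = build_sample_signins()
    for a in detect_password_spray(recs):
        print("spray:", a)
    print("locked:", locked_accounts(recs))
```

Run against the sample, the spray source is the only alert (12 accounts, 24 failures, at most 2 per account, under the threshold), while the only lockout in the log belongs to the brute-forced account. Against real data, feed it the output of the Graph sign-in log query or the exported `SigninLogs` table and tune `min_accounts` and `window` to the tenant's size.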