Widespread Microsoft Entra lockouts tied to new security feature rollout

Source: BleepingComputer
Author: Lawrence Abrams
URL: https://www.bleepingcomputer.com/news/microsoft/widespread-microsoft-entra-lockouts-tied-to-new-security-feature-rollout/

ONE SENTENCE SUMMARY:

A widespread false-positive issue with Microsoft’s new Entra ID “MACE Credential Revocation” app mistakenly locked numerous user accounts.

MAIN POINTS:

  1. Microsoft Entra ID’s new MACE app rollout triggered widespread false account lockouts.
  2. Alerts began last night, locking accounts that had unique passwords and MFA protections.
  3. Admins reported thousands of lockout notifications across multiple organizations.
  4. Reddit threads confirm multiple businesses experienced significant user account impacts.
  5. Affected accounts showed no suspicious activity or matching data breaches.
  6. Microsoft privately attributed the issue to errors during MACE app deployment.
  7. The MACE Credential Revocation app detects leaked credentials to protect user accounts.
  8. Locked-out accounts were mistakenly flagged as having credentials leaked in dark web breaches.
  9. Microsoft has not yet publicly acknowledged or officially explained the incident.
  10. Administrators should verify alerts but recognize that mass lockouts are likely due to the rollout issue.

TAKEAWAYS:

  1. Carefully monitor automated security rollouts for potential false positives.
  2. Confirm alerts with independent breach notification tools like Have I Been Pwned.
  3. Maintain clear communication channels with vendors to quickly resolve issues.
  4. Consider temporarily disabling automated lockout actions during major updates.
  5. Ensure rapid internal communication to minimize user disruption during incidents.