New Alert for Microsoft 365 Defender Password Spray Detection

Originally posted by Microsoft Apr 20, 2023 Uncategorized 0 Comments

Microsoft 365 Defender is introducing a new “Password spray attacks originating from single ISP” alert to detect password spray attacks originating from authentic cloud service providers. E5 P2 licensed customers will be impacted with this roll out.

When this will happen:

Rollout will begin in mid-April and will be complete by late April.

How this will affect your organization:

 If your team is impacted, please follow these steps:

  • Validate the sign in attempts from the ISP.
  • Validate user’s typical logon patterns.
  • Identify if any users are compromised.
  • Decommission compromised accounts or reset passwords. 
  • Contact your incident response team or contact Microsoft support for investigation and remediation services.

What you need to do to prepare:

 This alert will be enabled automatically. For additional information, please visit this documentation.

Message ID: MC543877

No comments yet

Leave a Reply

Joao Ferreira

I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.

%d bloggers like this: