Microsoft IP ADFS登录失败导致帐户锁定失败 [英] Microsoft IPs Source of ADFS Logon Failures Causing Account Lockout
问题描述
今天上午发布的报告显示,奇怪数量的AD用户帐户被锁定。跳过所有诊断,它被跟踪到我们的ADFS服务器,并且特别来自ADFS代理(面向外)。防火墙日志表明,在启用ADFS
代理策略时,与ADFS代理通信的唯一IP地址全部归Microsoft所有。禁用策略会导致ADFS系统无法记录失败的身份验证,因此源必须来自这些Microsoft地址。我们将
与我们的密码同步到Office 365,因此我们使用ADFS。无论如何,我如何找到如何在源头阻止这种流量?我不相信它与我们的Office 365服务有任何关系,但无法知道。有什么想法,建议吗?
提前致谢。
Reports this morning came in that a strange number of AD user accounts were locked out. Skipping all the diagnosis, it was tracked down to our ADFS server and specifically sourced from ADFS Proxy (outside facing). Firewall logs indicate that while ADFS Proxy policy is enabled, the only IP addresses talking to the ADFS Proxy are all owned by Microsoft as per ARIN. Disabling the policy results in ADFS system not logging failed authentication so the source must be coming from those Microsoft addresses. We do not sync our passwords up to Office 365, thus we use ADFS. Anyway, how do I go about finding out how to stop this traffic at the source? I don't believe it has anything to do with our Office 365 services but have no way of knowing. Any ideas, suggestions? Thanks in advance.
推荐答案
嗨Peter,
Hi Peter,
此论坛重点关注Office的一般性讨论365 ProPlus是Office桌面应用程序。我注意到您的问题与ADFS和Office 365服务身份验证有关。为了更好地解决问题,我建议你可以在Office
365中为管理员论坛提出一个问题,以便进行更多讨论:
This forum focuses on general discussion for Office 365 ProPlus which is the Office desktop applications. I notice your issue is related to ADFS and Office 365 services authentications. To better fix the issue, I suggest you can ask a question in Office 365 for Admins forum for more discussion:
HTTPS://答案。 microsoft.com/en-us/msoffice/forum/msoffice_o365Admin-mso_dep365-mso_o365b
我们建议适当发布的原因是您将获得最合格的受访者群体,和定期阅读论坛的其他合作伙伴可以分享他们的知识,也可以从与我们的互动中学习。感谢您的理解。
The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.
最好的问候,
Winnie Liang
Best Regards,
Winnie Liang
这篇关于Microsoft IP ADFS登录失败导致帐户锁定失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
