Microsoft Sign-In Issues | What Happened and How to Fix It | Sync Up
A Microsoft security update meant to protect users ended up locking them out instead. We’ll cover the root cause and its solution as we sit down and sync up with Rocket IT’s weekly technology update.
In this episode, you’ll hear more about:
- Why Microsoft users were suddenly locked out
- New security feature behind the issue
- Why personal accounts weren’t hit
- Microsoft’s temporary fix
- How to restore access quickly
Video Transcript
Over the weekend, security news source Bleeping Computer reported that organizations using Microsoft Entra ID were hit by a wave of false-positive sign-in risk detections. This led to a chain reaction of account lockouts and blocked access.
The issue began shortly after Microsoft started rolling out a feature called MACE Credential Revocation. This tool is designed to automatically revoke access when a user’s credentials are suspected of being compromised. But in this case, MACE was a little too aggressive.
It misclassified legitimate activity as risky, leading to what Microsoft is calling an increased number of false positives. That caused Conditional Access policies to kick in, and for many users, that meant getting locked out of key accounts with no warning.
For context, Conditional Access is a system that controls who can access what, based on things like sign-in location, device health, or perceived risk. So, when Entra flags a sign-in as risky, Conditional Access may block the user completely.
Now, it’s worth noting, this issue primarily impacts organizations with Conditional Access and other security policies in place. If you’re using a personal Microsoft account or operate in a less controlled environment, chances are you didn’t feel any impact from this rollout.
To get things back to normal, Microsoft recommends disabling MACE Credential Revocation to stop the false alerts. From there, administrators should review any Conditional Access policies that were triggered and use the Microsoft Entra portal to unlock affected user accounts. These steps should restore access and help prevent further disruptions while Microsoft works on a fix.
Microsoft has paused the rollout, but if your organization was affected, you’re not alone. Still, here’s the bigger question: how quickly did you recover? A trusted IT partner, like Rocket IT, can help prevent scenarios like this from spiraling out of control. By staying on top of new Microsoft features, spotting early red flags, and knowing how to roll back changes fast, a partner can keep your team online. For help pertaining to security and Microsoft products, contact Rocket IT using the link in this video’s description. And to stay up to date on trending technology news, hit that subscribe button and the bell to catch us on next week’s episode of Sync Up with Rocket IT.