Risky IP for Active Directory Federation Services (ADFS) extranet lockout protection is in public preview
Updated: December 17, 2018
Risky IP is a feature in Azure Active Directory Connect Health for ADFS. Depends on the threshold setup from the portal, Connect Health will notify admins if there are potential IP attacks through ADFS. With Extranet Lockout feature, ADFS will "stop" authenticating the "malicious" user account from outside for a period of time. This prevents your user accounts from being locked out in Active Directory. In addition to protecting your users from an AD account lockout, AD FS extranet lockout also protects against brute force password guessing attacks. The whole IP address list can also be exported from the Connect Health Portal. To get started, visit our documentation today!