ECP Lockouts

You can discover this issue if you are seeing users getting locked accounts, and when you search the Reporting module for account activity see ECP authentication failed multiple times in close succession.

The issue can be mitigated by disabling Basic authentication requests before they reach RapidIdentity using authentication policies in Exchange Online, see: https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/disable-basic-authentication-in-exchange-online#how-basic-authentication-is-blocked-in-exchange-online.

To replicate the ECP Authentication records in RapidIdentity Reports, uses the following tester from Microsoft:
https://testconnectivity.microsoft.com/tests/O365Eas/input

1. Entered email address.
2. Selected Basic Authentication
3. Entered email for the Microsoft Account
4. Entered an invalid password.

learn.microsoft.comlearn.microsoft.com
Disable Basic authentication in Exchange Online
Learn how to block Basic auth for client authentication in Exchange Online