Is there possibility to set number of ActiveSync tries when the device is authenticating via SEG?

RagnarBlack · 2019-02-28 08:39:14 UTC

Hello all,

our ADFS masters have turned on the ADFS smartlockout feature with x# of tries before lockout.
It looks that the device is doing multiple ActiveSync requests with the old cached password and then when the app realise that the password has changed and ask user for it, the ADFS smartlockout already locked the device authentication and restricted the possibility for the device to log in for some preset of time.

I really doubt that we can change the numbers of tries, but I want to ask anyway.

We are using inbox and boxer, happens on both.

Thanks for any insides.

daniil_michine · 2019-02-28 15:19:44 UTC

Are you using exchange on prep or exchange online?
With hybrid configuration or EXO only you can use “modern auth” which I believe will resolve the issue.

Else you can look at certificate based authentication which will also address the problem.
CBA is supported by boxer.

RagnarBlack · 2019-03-01 08:08:35 UTC

We are using exchange online.

Nice found the modern auth, will test. Thanks a lot!

RagnarBlack · 2019-03-01 10:58:44 UTC

Got another question,

the modern auth is kind of working. But our security want to add some specific string to the request to ADFS for security reasons.

Any idea if this is possible?

daniil_michine · 2019-03-03 21:03:56 UTC

Unlikely, but really depends on the auth flow and at which part you are wanting to include a string