When attempting to log on to RM Unify, you receive the following error message:

"You can't sign in because your account has been temporarily locked due to several incorrect sign in attempts".

Clicking 'View details' shows:

"The request that locked the account came from <IP address>.
Either wait for your account to automatically unlock at <time> or ask your administrator to reset your password via the RM Unify Management Console".

The details may also show that the request came via a Microsoft® 365™ server, as part of an SMTP authentication attempt (as per the screenshot above):

"The request that locked the account came from <IP address> via <Microsoft 365 IP address> using Microsoft.Exchange.SMTP".

The lockout policy is an RM Unify security measure implemented to ensure that your account cannot be 'hacked' via a brute force attack by malicious third parties using automated software to 'guess' your password. Let's look at what would happen:

• A bad actor (hacker) has a list of 10,000 commonly used/most cracked passwords
• They try the first five passwords in their list against an RM Unify user account, unsuccessfully
• RM Unify locks the user account for four minutes
• After four minutes, the bad actor tries password number six, unsuccessfully
• RM Unify locks the user account for 16 minutes
• After 16 minutes, the bad actor tries password number seven, unsuccessfully
• RM Unify locks the user account for 1 hour 4 minutes
• By the time the bad actor gets to password number 14, they would have to wait two years to try again*

This makes the effort involved prohibitive, dissuades the hackers, and so access to any and all data held in Microsoft 365 or Google Workspace, etc. is safeguarded.

*on the 20th guess, they would have to wait over 8000 years ��

If you have either Microsoft 365 or Google Workspace federated (linked) to RM Unify and have also configured a mail client, such as Microsoft Outlook® to download your mail, you need to be aware of some specific behaviour.

If you were to change your RM Unify password, possibly via a network password reset synchronised to RM Unify via AD Sync installed to your local network within around one minute, you will be able to log on to RM Unify using your new password. However, your email client will need to also be updated with the new password to authenticate with RM Unify and allow access to your mailbox. If the password is not manually updated in your email client and five or more attempts by it to authenticate with RM Unify subsequently fail, then your RM Unify account will show as locked, as per the symptoms in this article.

1. Run a virus and malware scan on your devices to make sure they are not infected.
2. Ensure that your RM Unify password is correct, known only to you and has been used to update any and all applications or software that authenticate against RM Unify. This will include desktop PCs, laptops, mobile phone apps, tablets, etc.

Note: A password reset by an RM Unify Super Admin or Password Admin, made only via the RM Unify Management Console, will unlock the locked account. If the locked account has been provisioned via AD Sync, you will need to reset the network password again to bring RM Unify and the network account back into sync.

The IP address displayed in the 'View details' section may not be the address of the specific computer from which the last password attempt was tried. If you have a proxy server as part of your Internet connectivity solution, the proxy will mask the IP addresses of your local computers and present only its own IP address to RM Unify. This is standard proxy server behaviour, as described here - http://whatismyipaddress.com/proxy-server.

If the IP address is suspicious (e.g., a check of https://www.whois.com/whois/ shows that the IP is registered in China, Russia, or even just a country not linked to any person or persons in your establishment), and you know that the attempted login was made using an Microsoft 365 email address (using Microsoft.Exchange.SMTP), then you may have another option to safeguard your users: Azure Active Directory (Azure AD) conditional access.

With Azure AD conditional access, you can control how authorised users can access Microsoft 365. The location condition of a conditional access policy enables you to tie access controls settings to the network locations of your users. Further information on this can be found here - https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-locations.

RM can assist you with this Microsoft 365 configuration. For further information, please speak to your Sales representative on 01235 645 316 and quote 'Microsoft 365 Azure AD Identity Protection Service'.

The RM Unify username and email address credentials operate independently of each other with regard to the lockout policy. For example, if the failed logon attempts have been made using username as the logon credential, it is only the username credential which will be locked out. Log on via the email address and correct password should still succeed. The same applies vice versa; if the email address credential is locked out, log on via username and the correct password will succeed.

Please note: Your actual email address itself, be that Microsoft 365 or Google Workspace, will not be disabled or made inactive while the access to it is locked; emails will still be received.