Hi, I was wondering where/when/if there are any options in SDP to prevent brute forcing a user's login.
If we have AD authentication enabled and if we expose our SDP instance to the Internet, then a) people on the internet know our Windows domain names, b) they can use a script to brute force logins - which may also lock the legitimate account.
I haven't seen any anti-hammering option in SDP (i.e. stand down/delay login attempt after x failed login attempts) or Captcha/reCaptcha option, so how do others handle this? Force people to use email only or a VPN to tunnel into the corporate network in order to access SDP (which means no mobile app use)?
If you use the Asset agent on remote machines that aren't connected to the corporate network, then you must expose SDP to the world without any of these defenses (to allow submitting the asset XML file to the URL).
How are people handling this today and can I request a reCaptcha option be added? Anti-hammering or a failed password attempt feature would also be useful...
TJ
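
The stand-down after x failed attempts that the post asks about, sketched as an added example; it is not part of the original post and is not SDP code. `LoginThrottle` and its parameters are hypothetical, and it assumes a gateway or authentication layer in front of the application that can refuse a request before the AD check runs.

```python
import time


class LoginThrottle:
    """Delay repeated failed logins per (username, source IP) pair.

    Hypothetical helper: throttled attempts are refused before any
    directory bind, so they do not add to the directory's own
    bad-password lockout counter for the legitimate account.
    """

    def __init__(self, free_attempts=3, base_delay=2.0, max_delay=300.0):
        self.free_attempts = free_attempts  # the "x" failures before delays start
        self.base_delay = base_delay        # first stand-down period, in seconds
        self.max_delay = max_delay          # cap so the delay stops growing
        self._state = {}                    # key -> (failure count, not-before time)

    @staticmethod
    def _key(username, source_ip):
        # AD logon names are case-insensitive, so normalise before counting.
        return (username.strip().lower(), source_ip)

    def retry_after(self, username, source_ip, now=None):
        """Seconds the caller must wait; 0.0 means the attempt may proceed."""
        now = time.monotonic() if now is None else now
        _, not_before = self._state.get(self._key(username, source_ip), (0, 0.0))
        return max(0.0, not_before - now)

    def record_failure(self, username, source_ip, now=None):
        """Count one failed login and return the stand-down it triggers."""
        now = time.monotonic() if now is None else now
        key = self._key(username, source_ip)
        count = self._state.get(key, (0, 0.0))[0] + 1
        delay = 0.0
        if count >= self.free_attempts:
            # Double the stand-down for each failure past the threshold.
            delay = min(self.max_delay,
                        self.base_delay * 2 ** (count - self.free_attempts))
        self._state[key] = (count, now + delay)
        return delay

    def record_success(self, username, source_ip):
        # A correct password clears the history for this pair only.
        self._state.pop(self._key(username, source_ip), None)
```

Keying on the pair means a script hammering one account from one address is slowed while the same user logging in from another address is not; a real deployment would also expire old entries so the table cannot grow without bound.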