- Some Enter ID accounts were being marked as with compromised credentials
- It seems that it was only Microsoft “generating inadvertently[ing] [false] alerts “
- However, users were getting different explanations from Microsoft
Windows administrators have been informing massive accounts blockages in several organizations after an Enter Microsoft ID update.
Many believe that these were false positives triggered in the new application for the detection of filtered credentials of Enter ID (a new characteristic called Mace Credential Revocation), since the affected accounts had unique and unused passwords.
A user published in a Reddit thread that around half a dozen accounts had been blocked after they were credentials on the dark website, however, those users did not have much in common, which suggests that it was not a directed attack.
Enter ID could be marking false positives
“There are no risky signatures, there are no other risk detections, all are MFA, it is literally the only thing that has appeared today, increasing the risk of these people from zero to high,” said Reddit user.
Under the original publication there are a number of comments from other system administrators who also experienced similar problems, with a user who shared a Microsoft response that suggests that the accounts had been wrongly marked:
“On Friday 4/18/25, Microsoft identified that it was internally registering a subset of update tokens of short -term users for a small percentage of users, while our standard registration process is only to register metadata on such tokens.
The notice sees Microsoft admit “inadvertently generate[ing] Alerts in the protection of ID of entering ”of alleged credentials committed between the 4 AM UTC and the 9 AM UTC on April 20.
Another user said they were cited “Error Code: 53003” for the conditional access policy, while another told him that it had to do with an interruption in their region, although no interruption had been informed or registered.
Techradar Pro He has asked Microsoft to clarify what happened during the weekend and why users seem to have received different explanations. Any update will be published here.
