There is a well-known rule in technology that no unannounced upgrades are permitted on holidays or weekends, so everyone’s Monday isn’t hell.

At approximately 1AM CDT on 4/19/2025, Microsoft Office 365 tenants worldwide began experiencing cases where one or more users were being flagged as high risk due to leaked credentials.

Users using the self-service password reset are unable to change their password receiving messages like “Unknown error due to network connectivity or communications problems”.

Admins can reset user passwords, but users still receive “User At Risk” message and cannot successfully reset their password.

There have been no reported attacks and ironically because of the holiday weekend, there still is no statement from Microsoft or any advisories in the health status of Office 365 or Azure. 

Affected tenants can be identified by the presence of an enterprise application named MACE Credential Revocation.

From various reports from Reddit and other blogs, this issue is reported and often confirmed with a Microsoft Support case as a false positive.

Steps to Fix This Issue

Open Security – Microsoft Entra admin center to see if and which users are affected. Select Identity Protection – Risky users – Confirm user(s) safe.

Normal procedure would be to revoke all authenticated sessions and reset the password, but in this case users have no way of knowing the new password without some kind of phone call or text.

If your Microsoft Cloud Solution Provider is not helping you with your business or notifying you of issues like these, then you should make a change today.

Published by Kevin Fream

Many people don't understand their current situation and become frustrated in business and life, so I created the Delta Method and wrote the #1 Best-Seller "Change Your Game" - as featured at Harvard and NASDAQ as well as national TV news. Streamline your technology for competitive advantage using vetted IT support and take a divergent approach to personal growth. View all posts by Kevin Fream