The IAM Event - Account Locked event occurs when a user (or more commonly a hacker or bot) attempts to log in to the account repeatedly in rapid succession. Microsoft then locks the account. The account is unlocked after 15 minutes. If the hacker or bot tries again and re-locks the account SaaS Alerts tracks that activity. If the Account is locked by this repeated action more than 3 times within 12 hours, SaaS Alerts creates an IAM Event - Multiple Account Locks Alert.
Contact the Customer or User and make them aware of this event. Confirm if the User has been able to gain access to their SaaS Application. For some applications, this action only occurs when triggered by an administrator.