Credential spraying tests a few common passwords (Password1!, Summer2024!) against many accounts — avoiding lockout by staying under the per-account threshold.
Tools: Spray (dedicated spray tool), MSOLSpray (O365), SprayingToolkit. Effective against: O365, Citrix, VPN portals. Defense bypass: spray at 1 attempt per account per hour. Detection: multiple accounts with failed logins from same source. Modern Entra ID (Azure AD) Smart Lockout detects and blocks spray attacks.
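
The detection signal above (many accounts with failed logins from one source), as an added example that is not part of the original notes. The event tuple layout, the function name `detect_spray`, and the thresholds are assumptions; the log lines are constructed. It counts distinct accounts per source over a long sliding window, because a short window misses the one-attempt-per-account-per-hour pacing mentioned above.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, source IP, account, result).
SAMPLE_EVENTS = [
    # One source, one failure per account per hour: the low-and-slow pattern.
    ("2024-06-03T08:00:00", "203.0.113.7", "alice", "FAIL"),
    ("2024-06-03T09:00:00", "203.0.113.7", "bob", "FAIL"),
    ("2024-06-03T10:00:00", "203.0.113.7", "carol", "FAIL"),
    ("2024-06-03T11:00:00", "203.0.113.7", "dave", "FAIL"),
    ("2024-06-03T12:00:00", "203.0.113.7", "erin", "FAIL"),
    ("2024-06-03T13:00:00", "203.0.113.7", "frank", "FAIL"),
    # One user mistyping a password repeatedly: many failures, one account.
    ("2024-06-03T08:01:00", "198.51.100.4", "gina", "FAIL"),
    ("2024-06-03T08:02:00", "198.51.100.4", "gina", "FAIL"),
    ("2024-06-03T08:03:00", "198.51.100.4", "gina", "FAIL"),
    ("2024-06-03T08:04:00", "198.51.100.4", "gina", "FAIL"),
    ("2024-06-03T08:05:00", "198.51.100.4", "gina", "SUCCESS"),
    # Normal successful login.
    ("2024-06-03T08:30:00", "192.0.2.9", "alice", "SUCCESS"),
]


def detect_spray(events, window=timedelta(hours=24), min_accounts=5):
    """Return {source: sorted accounts} for every source whose failed logins
    hit at least min_accounts distinct accounts inside one sliding window."""
    failures = defaultdict(list)
    for ts, source, account, result in events:
        if result == "FAIL":
            failures[source].append((datetime.fromisoformat(ts), account))

    flagged = {}
    for source, rows in failures.items():
        rows.sort()  # chronological order
        start = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it spans <= `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            accounts = {acct for _, acct in rows[start:end + 1]}
            # Keep the widest set of targeted accounts seen for this source.
            if len(accounts) >= min_accounts and \
                    len(accounts) > len(flagged.get(source, [])):
                flagged[source] = sorted(accounts)
    return flagged


if __name__ == "__main__":
    for src, accts in detect_spray(SAMPLE_EVENTS).items():
        print(f"possible spray from {src}: {len(accts)} accounts {accts}")
```

The repeated failures on a single account from 198.51.100.4 are not flagged, since the rule keys on the number of distinct accounts rather than the number of failures.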