I had a very weird attack scenario just happen. One of my Central users received a phishing email asking for the passwords to login to the computers to which they have Central access. I think the only way someone would know which specific computers someone has access to is to login to Central. The user has 2FA enabled, making this extra distressing.
So there's obviously the IP block for individual computers after three failed logins, but is there an organization-wide way to block IPs from logging into Central at all?