Setup a banned password list Azure AD by David Papkin

This post by David Papkin shows how to Set up a banned password list in Azure AD.

David Papkin

 

 

 

 

 

Many organizations find their users create passwords using common local words such as a school, sports team, or famous person, leaving them easy to guess. Microsoft’s custom banned password list allows organizations to add strings to evaluate and block, in addition to the global banned password list, when users and administrators attempt to change or reset a password.

Add to the custom list

Configuring the custom banned password list requires an Azure Active Directory Premium P1 or P2 license. For more detailed information about Azure Active Directory licensing, see the Azure Active Directory pricing page.|

  1. Sign in to the Azure portal and browse to Azure Active DirectoryAuthentication methods, then Password protection (Preview).
  2. Set the option Enforce custom list, to Yes.
  3. Add strings to the Custom banned password list, one string per line
    • The custom banned password list can contain up to 1000 words.
    • The custom banned password list is case-insensitive.
    • The custom banned password list considers common character substitution.
      • Example: “o” and “0” or “a” and “@”
    • The minimum string length is four characters and the maximum is 16 characters.
  4. When you have added all strings, click Save.

Note

It may take several hours for updates to the custom banned password list to be applied.

Modify the custom banned password list under Authentication Methods in the Azure portal

How it works

Each time a user or administrator resets or changes an Azure AD password, it flows through the banned password lists to confirm that it is not on a list. This check is included in any passwords set or changed using Azure AD.

What do users see

When a user attempts to reset a password to something that would be banned, they see the following error message:

Unfortunately, your password contains a word, phrase, or pattern that makes your password easily guessable. Please try again with a different password.

Next steps

Conceptual overview of the banned password lists

Conceptual overview of Azure AD password protection

Enable on-premises integration with the banned password lists

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad?_lrsc=3fa324a9-c07e-4b4b-8219-372204d9caaf

This concludes this post by David Papkin how to Set up a banned password list in Azure AD.

http://davidpapkin.org/

David Papkin favorite movies

Robert Deniro in Taxi Driver

Facebooktwittergoogle_plusredditpinterestlinkedintumblrmail

Leave a Reply

Your email address will not be published. Required fields are marked *