Configure custom Azure AD Password Policy for M365 Users?

WABGOR_Dave 1 Reputation point
2021-12-16T21:29:04.467+00:00

Hello all,

Does the present Azure AD Free M365 service allow for custom password policies in tenants? I know we can change the expire or not property, and the default minimum characters is 8 with 1 capital, lowercase and number; however, with recent security studies and compute power, these passwords are crackable in 3 days, max! We would like to make a custom policy depending on role/org.

Presently we have on-premise AD and servers with M365 users, but are not using any type of interconnect.


1 answer

  1. Mr Sbaa 356 Reputation points
    2021-12-16T23:05:07.63+00:00

    When it comes to password policies, you can only configure the password expiration or enable Smart Lock-out. Speaking about studies, those also mention that password policies are not safe and will not protect you against brute force methods such as password spray attacks. If you want to secure your identities properly, make sure you implement MFA, conditional access, Identity protection, etc.

    For more info about smart lockout:
    https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-password-smart-lockout

    For more info about conditional access:
    https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/overview

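Since expiration is the password setting the answer says a tenant can change, the following added example (not part of the original thread) reports how it is currently set per domain and which users carry per-user overrides. The function name `Get-PasswordExpiryFinding` and all sample objects are constructed for illustration; the property names are the ones returned by the Microsoft Graph PowerShell cmdlets `Get-MgDomain` and `Get-MgUser`.

```powershell
# Added example. Sample objects below are constructed; against a live tenant
# (Microsoft.Graph module, read-only scopes) replace them with:
#   $domains = Get-MgDomain
#   $users   = Get-MgUser -All -Property UserPrincipalName,PasswordPolicies

function Get-PasswordExpiryFinding {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]] $Domains,
        [Parameter(Mandatory)] [object[]] $Users
    )
    foreach ($d in $Domains) {
        $days = $d.PasswordValidityPeriodInDays
        # 2147483647 is the value used to mean "passwords never expire"
        $state = if ($null -eq $days) { 'not set (service default applies)' }
                 elseif ($days -eq 2147483647) { 'never expires' }
                 else { "expires after $days days" }
        [pscustomobject]@{ Scope = 'Domain'; Name = $d.Id; Finding = $state }
    }
    foreach ($u in $Users) {
        # PasswordPolicies is a comma-separated string, "None", or empty
        $flags = @("$($u.PasswordPolicies)" -split '\s*,\s*' |
                   Where-Object { $_ -and $_ -ne 'None' })
        foreach ($f in $flags) {
            $finding = switch ($f) {
                'DisablePasswordExpiration' { 'exempt from domain expiration' }
                'DisableStrongPassword'     { 'strong-password check disabled' }
                default                     { "unrecognised flag: $f" }
            }
            [pscustomobject]@{ Scope = 'User'; Name = $u.UserPrincipalName; Finding = $finding }
        }
    }
}

# Constructed sample data (not from a real tenant)
$domains = @(
    [pscustomobject]@{ Id = 'contoso.example';      PasswordValidityPeriodInDays = 2147483647 }
    [pscustomobject]@{ Id = 'corp.contoso.example'; PasswordValidityPeriodInDays = 90 }
)
$users = @(
    [pscustomobject]@{ UserPrincipalName = 'svc-backup@contoso.example'
                       PasswordPolicies  = 'DisablePasswordExpiration, DisableStrongPassword' }
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'; PasswordPolicies = 'None' }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example';   PasswordPolicies = $null }
)

Get-PasswordExpiryFinding -Domains $domains -Users $users | Format-Table -AutoSize
```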