I hope you must be doing well. I need your valuable input related to b2c password complexity.
I have gone through ms doc here but we have following add on requirements:
1) Repeated history length: User should not be allowed to repeat last 24 passwords while changing password.
2) Account Lockout: After 3 consecutive failed login attempts within 60 minutes, user account should be locked for "N" hours.
3) If an account is not accessed for 90 consecutive days, the account shall be disabled on 91st day and will be delete after 120 days of inactivity.
4) Increment previous passwords should not be allowed while changing password : If last password was P@$$WORD123 next password can not be P@$$WORD124, 125, 126 etc up to 10 increments.
5) Customize audit message when user enters wrong userid or password as "The User Id or Password that you have entered is not correct".
Do you know if we can customize above requirements in b2c custom policies?