This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 27%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOF%3C/text%3E%3C/svg%3E)
I'm looking for a way to change the settings for Password protection in azure via powershell/graph api/azure cli.
The settings I'm looking to change can be found in Azure AD -> Security -> Authentication methods -> Password protection.
Those settings are managed via the so-called "directory settings/templates". To manage them via PowerShell, use the preview module (AzureADPreview) and the Get-AzureADDirectorySettingTemplate/New-AzureADDirectorySetting cmdlet.
Thank you for the answer, I got it working by using the following commands (Attached so others who find this thread can use them in the future):
$BannedPasswords = "apple`tbanana" # List of banned passwords, must use `t instead of enter or space
$CurrentSettings = Get-AzureADDirectorySetting
if ($CurrentSettings | Where-Object {$_.DisplayName -eq "Password Rule Settings"}) {
Remove-AzureADDirectorySetting -Id $CurrentSettings.Id
}
$NewSetting = (Get-AzureADDirectorySettingTemplate | Where-Object {$_.DisplayName -eq "Password Rule Settings"}).CreateDirectorySetting()
$NewSetting.Values = @(@{
Name = "BannedPasswordCheckOnPremisesMode"
Value = "Enforce" # alternative is Audit
};@{
Name = "EnableBannedPasswordCheckOnPremises"
Value = $true
};@{
Name = "EnableBannedPasswordCheck"
Value = $true
};@{
Name = "LockoutDurationInSeconds"
Value = 900
};@{
Name = "LockoutThreshold"
Value = 15
};@{
Name = "BannedPasswordList"
Value = $BannedPasswords
})
$null = New-AzureADDirectorySetting -DirectorySetting $NewSetting
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 56.00000000000001%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKG%3C/text%3E%3C/svg%3E)
I am facing "Invoke-RestMethod : The remote server returned an error: (400) Bad Request." error using below code
$lockoutDurationInSeconds = '120'
$lockoutThreshold = '120'
$bannedPasswordList = 'UnitedStates'
$body = (@{
"values"= @(@{
Value = "Enforce"
name = "BannedPasswordCheckOnPremisesMode"
}; @{
Value = $true
name = "EnableBannedPasswordCheckOnPremises"
}; @{
Value = $true
name = "EnableBannedPasswordCheck"
}; @{
Value = $lockoutDurationInSeconds
name = "LockoutDurationInSeconds"
}; @{
Value = $lockoutThreshold
name = "LockoutThreshold"
}; @{
Value = $bannedPasswordList
name = "BannedPasswordList"
})
"templateId"= "XXXX"
} | ConvertTo-Json)
try {
$uri = "https://graph.microsoft.com/v1.0/groupSettings"
Invoke-RestMethod -Headers $header -Uri $uri -Method Post -Body $body -UseBasicParsing
Write-Information -InformationAction Continue "Password protection has been enabled"
}
catch {
Write-Information -InformationAction Continue "Failed to set password protection, Error:$($_.exception)"
throw
}
Could you please help me on resolving this?