Preparing Azure security certifications : SC-900 – Azure AD – password protection and management capabilities – Part 6

Azure AD admin center - Security - Azure AD Password protection - Updating custom banned password list
Azure AD admin center - Security - Azure AD Password protection - Updating custom banned password list

Hi All,

Greetings for the day!!!

Continuing simplifying security concepts and preparing for security exams

Today in this article we will discuss one of the Azure AD – Azure AD Password Protection – one of the topic in exam – SC – 900 – Microsoft Security, Compliance, and Identity Fundamental

We have preparation guide for exam – SC – 900 – Microsoft Security, Compliance, and Identity Fundamental – https://knowledge-junction.in/2022/09/09/azure-sc-900-microsoft-security-compliance-and-identity-fundamental-preparation-guide/

Details

  • Password Protection is a feature of Azure AD that reduces the risk of users setting weak passwords.
  • Azure AD Password Protection detects and blocks known weak passwords and their variants, and can also block other weak terms that are specific to your organization
  • Azure AD tenant have default Global banned password list
  • This default Global banned password list is applied for all users from our Azure AD tenant
  • We have an option of Custom banned password list
  • Banned password lists requires Azure AD Premium 1 or 2

Global banned password list

  • Global banned password list is automatically updated with weak passwords by Microsoft.
  • This list is maintained by Azure AD Identity protection team
  • Azure AD Identity protection team analyzes security telemetry data to find weak or compromised passwords
  • Couple of example of week password are – P@ssw0rd or Password5 and respective variants
  • We can not disable Global banned password list. This list is automatically applied to all users, enforced by Microsoft

Custom banned password list

  • Admins can create Custom banned password list
  • The Custom banned password list is combined with the global banned password list to block variations of all the passwords

Updating Custom banned password list in Azure AD

fig : Azure AD admin center - dashboard
fig : Azure AD admin center – dashboard
  • From Azure AD dashboard, navigate to “All services
  • From left pane click on “All services” menu / link
  • Azure AD Password protection” service is available in “Security” category as shown in below fig
  • On click of “Security” category we will be redirected to Security blade – please check the URL
fig : Azure AD admin center - Security - Azure AD Password protection
fig : Azure AD admin center – Security – Azure AD Password protection
  • From Security category please select the service – “Azure AD Password protection” service as shown in above fig
  • We will be redirected to “PasswordProtectionBlade” , please check the URL in below fig
fig : Azure AD admin center - Security - Azure AD Password protection
fig : Azure AD admin center – Security – Azure AD Password protection
  • On “Password protection” page, we could see the option for “Custom banned passwords” list
    • Enforce custom list – whether we need to enable custom list or not
    • Custom banned password list – specifying the list of text / strings which we need to ban

Example for Custom banned password list

  • We have enabled option for “Enforce custom list” as shown in below fig
  • In “Custom banned password” list added the text – prasham
fig : Azure AD admin center - Security - Azure AD Password protection - Updating custom list
fig : Azure AD admin center – Security – Azure AD Password protection – Updating custom banned password list
  • When we change password for any user and try to use the password from “Custom banned password” list we will get following error as shown in below fig
fig : Error while using the password from Custom banned password list
fig : Error while using the password from Custom banned password list

Thanks for reading ! If its worth at least reading once, kindly please like and share !!! SHARING IS CARING πŸ™‚

Enjoy the beautiful life !!! Have a FUN !!! HAVE A SAFE LIFE !!! TAKE CARE πŸ™‚

Prasham Sabadra

LIFE IS VERY BEAUTIFUL :) ENJOY THE WHOLE JOURNEY :) Founder of Knowledge Junction and live-beautiful-life.com, Author, Learner, Passionate Techie, avid reader. Certified Professional Workshop Facilitator / Public Speaker. Scrum Foundation Professional certificated. Motivational, Behavioral , Technical speaker. Speaks in various events including SharePoint Saturdays, Boot camps, Collages / Schools, local chapter. Can reach me for Microsoft 365, Azure, DevOps, SharePoint, Teams, Power Platform, JavaScript.

You may also like...

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: