Preparing Azure security certifications : SC-900 – Azure AD – password protection and management capabilities – Part 6

Hi All,
Greetings for the day!!!
Continuing with simplifying security concepts and preparing for security exams.
Today in this article we will discuss Azure AD Password Protection, one of the topics in exam SC-900 – Microsoft Security, Compliance, and Identity Fundamentals.
We have a preparation guide for exam SC-900 – Microsoft Security, Compliance, and Identity Fundamentals: https://knowledge-junction.in/2022/09/09/azure-sc-900-microsoft-security-compliance-and-identity-fundamental-preparation-guide/
Details
- Password Protection is a feature of Azure AD that reduces the risk of users setting weak passwords.
- Azure AD Password Protection detects and blocks known weak passwords and their variants, and can also block other weak terms that are specific to your organization.
- Every Azure AD tenant has a default Global banned password list.
- This default Global banned password list is applied to all users in our Azure AD tenant.
- We also have the option of a Custom banned password list.
- Banned password lists require Azure AD Premium 1 or 2.
Global banned password list
- The Global banned password list is automatically updated with weak passwords by Microsoft.
- This list is maintained by the Azure AD Identity Protection team.
- The Azure AD Identity Protection team analyzes security telemetry data to find weak or compromised passwords.
- A couple of examples of weak passwords are P@ssw0rd or Password5 and their respective variants.
- We cannot disable the Global banned password list. This list is automatically applied to all users and enforced by Microsoft.
Custom banned password list
- Admins can create a Custom banned password list.
- The Custom banned password list is combined with the Global banned password list to block variations of all the passwords.
Updating Custom banned password list in Azure AD
- Navigate to the Azure AD admin center. We have a detailed article on how to get there: Azure Active Directory admin center – navigating to Azure Active Directory admin center
- We will land on the Azure AD admin center dashboard
- From the Azure AD dashboard, navigate to “All services”
- From the left pane, click on the “All services” menu / link
- The “Azure AD Password protection” service is available in the “Security” category, as shown in the figure below
- Clicking the “Security” category redirects us to the Security blade; please check the URL
- From the Security category, select the “Azure AD Password protection” service, as shown in the figure above
- We will be redirected to “PasswordProtectionBlade”; please check the URL in the figure below
- On the “Password protection” page, we can see the options for the “Custom banned passwords” list
- Enforce custom list – whether the custom list is enabled or not
- Custom banned password list – the list of text / strings which we need to ban
Example for Custom banned password list
- We have enabled the “Enforce custom list” option, as shown in the figure below
- In the “Custom banned password” list, we added the text – prasham
- When we change the password for any user and try to use a password from the “Custom banned password” list, we get the following error, as shown in the figure below
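To make "weak passwords and their variants" concrete, here is a simplified model of variant matching against a combined custom and global list. It is an added example, not part of the original article and not Microsoft's implementation. The substitution table, the one-edit near-match rule, the 5-point threshold and the one-entry global sample are assumptions of this sketch; `prasham` is the custom term from the example above.

```python
# Simplified model of banned-password variant matching (teaching sketch only).
# The substitution table, one-edit rule and 5-point threshold are assumptions
# of this example; the real global list is not published.
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "$": "s", "@": "a"})
GLOBAL_SAMPLE = {"password"}   # constructed stand-in for the global list
CUSTOM_LIST = {"prasham"}      # the term added in this article
MIN_POINTS = 5


def normalize(password):
    """Lowercase and undo common character substitutions."""
    return password.lower().translate(SUBSTITUTIONS)


def within_one_edit(a, b):
    """True if a and b differ by at most one insert, delete or replace."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]
    return a[i:] == b[i + 1:]


def check(password, custom=CUSTOM_LIST, global_list=GLOBAL_SAMPLE):
    """Return (accepted, reason) for a candidate password."""
    # Custom and global lists are combined before matching.
    banned = sorted(custom | global_list, key=lambda t: (-len(t), t))
    text = normalize(password)
    for term in banned:
        if within_one_edit(text, term):
            return False, f"near match for banned term '{term}'"
    points = 0
    for term in banned:
        while term in text:
            text = text.replace(term, "", 1)
            points += 1          # each banned term counts as one point
    points += len(text)          # every remaining character counts as one
    return points >= MIN_POINTS, f"score {points}"


if __name__ == "__main__":
    for candidate in ["P@ssw0rd", "Password5", "prasham", "Pr@sh@m12", "Prasham@2022"]:
        print(candidate, check(candidate))
```

In this model a banned term padded with only a couple of characters is still rejected, while a long password that merely contains the term can pass on score, so the custom list should hold short base words rather than full passwords.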
Thanks for reading! If it's worth at least reading once, kindly please like and share !!! SHARING IS CARING 🙂
Enjoy the beautiful life !!! Have a FUN !!! HAVE A SAFE LIFE !!! TAKE CARE 🙂