Microsoft Entra – Microsoft Entra Password Protection – How to enable / configure “Custom Banned Passwords”

Take away from this article

• What are “Custom Banned Passwords” List?
• Need of “Custom Banned Passwords”
• Prerequisites for configuring “Custom Banned Passwords”
• How to enable / configure “Custom Banned Passwords”

Prerequisites

• A working Microsoft Entra tenant with at least a Microsoft Entra ID P1 or trial license enabled.
• An account with at least the Authentication Policy Administrator role.
• Test user – A non-administrator user with a password we know.

What are “Custom Banned Password” List

• The “Custom Banned Passwords” list allows us to enlist the terms.
• These terms are blocked from being used to set passwords in our organization.

Need of “Custom Banned Passwords” list

• In our organization, users often create passwords using common local words. These can include a school, sports team, name of relatives, or famous person.
• These passwords are easy to guess, and weak against dictionary-based attacks.
• To enforce strong passwords in our organization, we use the Microsoft Entra custom banned password list. This feature lets us add specific strings to evaluate and block.
• A password change request fails if there’s a match in the custom banned password list.

How to enable “Custom Banned Passwords“

• Navigate to Microsoft Entra admin center.
• We can navigate to Microsoft Entra admin center through
  • direct URL – https://entra.microsoft.com/#home
  • OR from Microsoft admin center
  • We have detailed article – how to navigate Microsoft Entra admin center. Small Tips and Tricks – Microsoft Entra admin center – How to navigate – Microsoft Entra admin center – https://knowledge-junction.in/2022/12/19/small-tips-and-tricks-microsoft-entra-admin-center-how-to-navigate-microsoft-entra-admin-center/
• As we are in “Microsoft Entra admin center“, we will be on

• From left pane, expand “Protection” menu, we will navigate to “Authentication methods“

• Click on “Authentication methods“, we will navigate to “Authentication Methods” page – https://entra.microsoft.com/#view/Microsoft_AAD_IAM/AuthenticationMethodsMenuBlade/~/AdminAuthMethods/fromNav/Identity

• From “Authentication methods | Policies” page, click on “Password protection” link as in left column of right pane.
• As we click on “Password protection” page, we will navigate to “Password protection” blade as shown in below figure

• As shown in above figure, we have section “Custom banned passwords” with two options
  • Enforce custom list – Enable or disable it.
  • Custom banned password list – here we can include our list of banned passwords.
    • We can include one term per line.
    • The custom banned password list is case-insensitive.
    • We can include up to 1000 terms.
    • The minimum string length is four characters, and the maximum is 16 characters.

REFERENCES

• Small Tips and Tricks – Microsoft Entra admin center – How to navigate – Microsoft Entra admin center – https://knowledge-junction.in/2022/12/19/small-tips-and-tricks-microsoft-entra-admin-center-how-to-navigate-microsoft-entra-admin-center/

Thank you for reading🙂 Life is Beautiful🙂

Have a nice day🙂🙂