Microsoft Introduced New Azure Password-Banning Tool


Azure AD Protection

6 days ago, Microsoft released the public preview of a new Azure Active Directory tool that will help admins kill off bad passwords in the enterprise. The tool, called Azure AD Password Protection, offers a new way of protecting Azure AD and Windows Server Active Directory accounts from users with bad password habits.

What does it Do?

The tool contains a list of 500 of the most commonly used passwords and helps block a million more that contain character-based variations on these bad passwords. That means that since ‘password’ is already blocked, users won’t be able to set their password to ‘P@ssword’ or ‘P@$$w0rd’.
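To make the variation-matching idea concrete, here is an added Python sketch (not Microsoft's implementation and not code from the original article) that folds look-alike characters back to letters before comparing against a banned list. The banned terms, the substitution table, and the 50% coverage threshold are all assumptions chosen for illustration.

```python
import unicodedata

# Constructed sample list; the real service ships its own list of common passwords.
BANNED = {"password", "welcome", "qwerty", "letmein"}

# Assumed look-alike table: each symbol or digit maps to the letter it imitates.
LEET = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s", "0": "o",
                      "1": "l", "!": "i", "3": "e", "7": "t"})

# Assumed threshold: the banned term must make up at least half of the password.
MIN_COVERAGE = 0.5


def normalize(password: str) -> str:
    """Lowercase, strip accents, and undo look-alike substitutions."""
    decomposed = unicodedata.normalize("NFKD", password).casefold()
    no_accents = "".join(c for c in decomposed if not unicodedata.combining(c))
    return no_accents.translate(LEET)


def banned_match(password: str, banned=BANNED):
    """Return the banned term the password is built on, or None if acceptable."""
    norm = normalize(password)
    # Check longer terms first so the most specific match is reported.
    for term in sorted(banned, key=len, reverse=True):
        # A long passphrase that merely contains a banned word is not rejected;
        # a banned word with a short prefix or suffix bolted on is.
        if term in norm and len(term) / len(norm) >= MIN_COVERAGE:
            return term
    return None


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["P@ssword", "P@$$w0rd", "Password1", "Welcome2024!",
                      "my-password-is-long-and-unusual-7731"]:
        hit = banned_match(candidate)
        print(f"{candidate!r}: {'rejected (' + hit + ')' if hit else 'accepted'}")
```

Comparing the normalized form rather than the raw string is what lets a short base list cover a much larger set of variants without enumerating them.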

Microsoft argues that Azure AD Password Protection will “dramatically lower the risk” of being compromised by a so-called “password spraying” attack.

Password spraying is designed to get around ‘rate limiting’, where a system caps the number of attempts to log in to a single account before locking it down. Instead of trying many passwords against one account, attackers try ubiquitous passwords like “Password1” against several accounts, so no single account reaches the cap, knowing that a small fraction will in fact be secured with these passwords.


What Microsoft is Saying

Microsoft argues that the banned passwords approach is superior to password complexity rules, such as requiring multiple character types, which users often respond to by picking a password with a capital at the front followed by a few number-alphabet substitutions.

Likewise, requiring users to change passwords periodically often leads to users picking easy-to-remember passwords based on sports teams and so on.

However, one catch is that Azure AD Premium Password Protection is limited to enterprise subscribers on the Azure AD Premium 1 tier.

Here is how you can get started with Azure AD Protection

By default, all Azure AD password set and reset operations for Azure AD Premium users are configured to use Azure AD password protection. To configure a custom list of banned password strings for your organization and to configure Azure AD password protection for Windows Server Active Directory, follow the below simple steps here:
