Azure AD Password Protection Generally Available
Microsoft has finished the preview for Azure AD Password Protection and made the service generally available. Azure AD Password Protection is a new policy-based security service for Azure AD that prevents the use of weak passwords and protects against password spray attacks. According to Microsoft, the service is not limited to the cloud, but is also available to secure identities in hybrid environments.
Azure AD Password Protection provides the following configuration options:
- Intelligent lockout threshold (number of login failures until account blocking) and account blocking duration.
Create your own enterprise-wide blacklist of forbidden strings for use in passwords. This complements the basically database of the protection service, the global banned password list. Microsoft generates the list by evaluating data collected in threat scenarios. This adds frequently used and already "compromised" passwords to the list.
- Azure AD Password Protection for Windows Server Active Directory simplifies the deployment of password Policies to the on-premise Active Directory with a standalone audit mode ("what-if").
Azure AD Password Protection requires an Azure AD Premium P1 or P2 license for each synchronized user.