Exclude known and weak passwords from your company.
Azure AD Password Protection detects and blocks known weak passwords and their variants, and can also block additional weak terms that are specific to your organization. On-premises deployment of Azure AD Password Protection uses the same global and custom banned password lists that are stored in Azure AD, and does the same checks for on-premises password changes as Azure AD does for cloud-based changes. These checks are performed during password changes and password reset events against on-premises Active Directory Domain Services (AD DS) domain controllers.
The domain controllers don’t communicate directly with the internet and will not be exposed to the internet. All passwords are checked against the global and custom banned password list directly on the domain controllers. For the download of the global and custom banned, and password list from your Azure AD two or more proxy servers must be installed, depending on the availability requirements of your organization.
The Azure AD Password Protection implementation service supports your organization with the implementation of a custom banned password list, Azure AD Password Protection DC Agents, and Azure AD Password Protection Proxies. The service consists of the following deliverables:
Workshop: During the workshop, we provide you with an overview of Azure AD Password Protection so that you understand the prerequisites, features, and we demonstrate real-world use-cases.
Initial Setup and Configuration: We support you with getting Azure AD Password Protection up and running in your environment by implementing Azure AD Password Protection Proxies, Azure AD Password Protection DC Agents, and a custom banned password list customized for your organization. Also, we check all your AD DS passwords against global password lists to force a password change for the specific users with weak passwords.
Documentation The documentation provides you with the most relevant information about Azure AD Password Protection, and its configuration within your environment.