Exclude known and weak passwords from your company.
Entra ID Password Protection detects and blocks known weak passwords and their variants, and can also block additional weak terms that are specific to your organization. On-premises deployment of Entra ID Password Protection uses the same global and custom banned password lists that are stored in Entra ID, and does the same checks for on-premises password changes as Entra ID does for cloud-based changes. These checks are performed during password changes and password reset events against on-premises Active Directory Domain Services (AD DS) domain controllers.
The domain controllers don’t communicate directly with the internet and will not be exposed to the internet. All passwords are checked against the global and custom banned password list directly on the domain controllers. For the download of the global and custom banned, and password list from your Entra ID two or more proxy servers must be installed, depending on the availability requirements of your organization.
The Entra ID Password Protection implementation service supports your organization with the implementation of a custom banned password list, Entra ID Password Protection DC Agents, and Entra ID Password Protection Proxies. The service consists of the following deliverables:
Workshop: During the workshop, we provide you with an overview of Entra ID Password Protection so that you understand the prerequisites, features, and we demonstrate real-world use-cases.
Initial Setup and Configuration: We support you with getting Entra ID Password Protection up and running in your environment by implementing Entra ID Password Protection Proxies, Entra ID Password Protection DC Agents, and a custom banned password list customized for your organization. Also, we check all your AD DS passwords against global password lists to force a password change for the specific users with weak passwords.
Documentation The documentation provides you with the most relevant information about Entra ID Password Protection, and its configuration within your environment.