MicrosoftAwesome resource. Having rolled out Azure AD Password Protection a few times, I see this as incredibly useful. While AAD PP comes with some useful PowerShell commands, they get the same information from the event files. The downside is that these commands need to be run against a DC and the commands fan out to other DC remotely, meaning the person running the command has to be (Domain) Admin. The solution in this post surfaces some really useful information that can be easily shared without requiring elevated privileges.
A strong use case for the solution is if you decided to force password rotation. In a recent example, we changed the password policy from a low number of characters with complexity to "three random words" with no complexity requirement (in line with UK NCSC recommendations). Password protection works by checking for a known password (string) within the password submission, it may be accepted if there are enough additional characters to ensure the password meets the threshold score. This can cause service desk and end users confusion when they get the error message about the password not being accepted but adding a number (additional character) it is then accepted.
