MicrosoftHi,
one question relating to the normalization applied during the password normalization and its documentation at [1]:
The documentation mentions that "1" will be substituted with "l" (lower case L, step 1). In the consecutive steps, the digit 1 is not substituted by a lower case L and in the case of the password "C0ntos0Blank12", normalized to "contosoblank12" is counted towards the score of a password. Should this not be normalized to "CONTOSOBLANKL2" (just for illustration in uppercase)? While this example is still rejected, other password examples might lead to different outcomes if the 1/L makes a difference between a score of 4 or 5...
I also cross-posted this on the documentation feedback / issue tracker [2]
[1] https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad#how-are-passwords-evaluated
[2] https://github.com/MicrosoftDocs/azure-docs/issues/30326
