Forum Discussion
Better Description of what StrongPasswordRequired does
see https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy
FYI, i would start using the Azure AD Powershell V2 module https://www.powershellgallery.com/packages/AzureAD/2.0.1.16
Set-msoluser is being phased out
- Joe StockerAug 13, 2018Bronze ContributorThanks Dean. I've read that document multiple times but I can't seem to find what the *policy* difference is when this parameter is set to true or false?
StrongPasswordRequired $true vs StrongPasswordRequired $false
For example, Strong prevents you using your own username in the password? Anything else?
Thanks!- Ipsito_DuttaOct 28, 2018Brass Contributor
A little late, but just wanted to complete the thread.
Strong passwords only:
-Requires three out of four of the following:
-Lowercase characters.
-Uppercase characters.
-Numbers (0-9).
-Symbols:
--A – Z
--a - z
--0 – 9
--@ # $ % ^ & * - _ ! + = [ ] { } | \ : ‘ , . ? / ` ~ " ( ) ;
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy- StevenC365Oct 28, 2018MVP
Also, don't do it! It's shown that adding password complexity doesn't really decrease the risk in your environment. Better to use AzureAD SSPR and AzureAD Password Protection to ensure your users don't pick common passwords.
NIST guidance no longer recommends complex passwords, or regularly changing passwords.