Forum Discussion
How can I reduce password strength requirements please?
[It seems that my last post got lost due to Internet connection problems of my PC. Hope I didn't therefore post multiple same posts.]
I have planned to change the username of a few users in the tenant into single-letter ones for convenience.
For instance, 'a at example.onmicrosoft.com' instead of 'alice at example.onmicrosoft.com' and 'b at example.onmicrosoft.com' instead of 'bob at example.onmicrosoft.com'.
However, I got stuck when attempting to create their password. The page says,
'The password cannot include name part of this person's username. For example, if the username is j at contoso.com, the password cannot include "j" or "J"'.
It's obvious that their username could be easily included since their username is a single-letter.
I wonder how I can disable this feature (e.g. allowing J and j due to j at xxx.com) or at least allowing different-Cases (e.g. allowing J if j at xxx.com) in the Admin Center please?
Thanks!
You’re absolutely right! This does feel like a bug or at least an oversight by Microsoft in special cases like single-letter usernames. They likely introduced this rule to prevent weak passwords, but they didn’t take into account valid configurations like yours.
You could:
Report this issue directly to Microsoft through the Microsoft 365 Admin Center or on the Azure AD UserVoice platform (if it’s still active), suggesting an exception for usernames with a single character. Another option is to open a support ticket and explain the situation to Microsoft support. They might provide you with a temporary workaround or confirm if a fix is planned for cases like this.tzchz Hey! Unfortunately, it’s not possible to disable or change that rule. In Azure Active Directory (and Office 365), there’s a built-in policy that prevents passwords from containing any part of the username, regardless of whether it’s uppercase or lowercase. Unfortunately, this can’t be adjusted in the admin panel.
Since your usernames are a single letter (like "j"), any password that includes "j" or "J" will be blocked. You have two main options:
-Change the username to something a bit longer.
-Choose a password that doesn’t contain that letter at all.
Hello
In my opinion, while this is a built-in rule, this should, however, be actually a bug in the system rule isn't it?
I mean, I suppose that Microsoft should consider this as a special case since it would be common for the main members of a team to use single-character username such as 'a@' and 'v@' instead of 'admin@' and 'vice@'.
