Banned passwords dictionary for offline (Azure AD not possible) networks

Question

Hi,Does Microsoft have any solutions for setting up banned passwords in an offline Windows domain?&nbsp;BR

lm · Answer

extragloves&nbsp;&nbsp;By offline, do you mean on-premises AD then yes banned passwords are supported for on-premises AD as well.&nbsp;Install the Azure AD password protection agent on DCs. See the links below for more info&nbsp;https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad-on-premises&nbsp;https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-deploy&nbsp;

extragloves · Answer

LM&nbsp;&nbsp;No like I said, I'm asking is this kind of functionality is available for offline networks without the possibility to have Password Protection Proxy servers beeing online with Azure.

lm · Answer

extragloves&nbsp;&nbsp;No native AD functionality without Azure AD agent for password blacklisting. There are third party products that integrate with AD can provide this functionality.

extragloves · Answer

LM&nbsp;&nbsp;Any suggestions?

lm · Answer

extragloves&nbsp;&nbsp;I will still recommend Azure AD - same solution cloud and on-prem, take advantage of other Azure AD integrations&nbsp;Third party - one -off solution for on-prem, requires separate licensing, high TCO, less RIO&nbsp;&nbsp;ManageEngine AD Selfservice Plus claims do password blacklisting for on-prem AD, I have not used the tool personally though.&nbsp;

Forum Discussion

Banned passwords dictionary for offline (Azure AD not possible) networks

5 Replies

Resources