Aug 13 2018
12:29 PM
- last edited on
Jan 14 2022
05:22 PM
by
TechCommunityAP
Aug 13 2018
12:29 PM
- last edited on
Jan 14 2022
05:22 PM
by
TechCommunityAP
Can anyone location MSFT Documentation for exactly what this does?
set-msoluser -StrongPasswordRequired $true
versus
set-msoluser -StrongPasswordRequired $false
The documentation on set-msoluser only states:
"Specifies whether to require a strong password for the user" https://docs.microsoft.com/en-us/powershell/module/msonline/set-msoluser?view=azureadps-1.0
But what I'm trying to find out is, what is the password policy for a strong password, and what is the policy for when this is set to false?
For example, Strong prevents you using your own username in the password, etc. ( I need the full policy definition on a Microsoft documentation site).
Thanks,
Joe
Aug 13 2018 12:33 PM
see https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy
FYI, i would start using the Azure AD Powershell V2 module https://www.powershellgallery.com/packages/AzureAD/2.0.1.16
Set-msoluser is being phased out
Aug 13 2018 01:57 PM
Oct 28 2018 07:19 AM
A little late, but just wanted to complete the thread.
Strong passwords only:
-Requires three out of four of the following:
-Lowercase characters.
-Uppercase characters.
-Numbers (0-9).
-Symbols:
--A – Z
--a - z
--0 – 9
--@ # $ % ^ & * - _ ! + = [ ] { } | \ : ‘ , . ? / ` ~ " ( ) ;
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy
Oct 28 2018 08:56 AM
Also, don't do it! It's shown that adding password complexity doesn't really decrease the risk in your environment. Better to use AzureAD SSPR and AzureAD Password Protection to ensure your users don't pick common passwords.
NIST guidance no longer recommends complex passwords, or regularly changing passwords.
Oct 28 2018 09:07 AM
Oct 28 2018 02:39 PM
SSPR will only allow passwords that match the Azure AD Password complexity requirements when the 'strongpasswordrequired' parameter is set to True. Also, the Azure AD password protection proxy feature is in preview and requires AD integration. For in cloud environments only, it won't work.
Oct 29 2018 08:00 AM
Sorry, @Ipsito_Dutta that's not correct
See https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad as all cloud only account passwords are matched against Microsoft's list of weak passwords. The custom banned list and on premises integration are preview, not checking against weak passwords. It's easy to prove as well.