Password policy for Global Admins

%3CLINGO-SUB%20id%3D%22lingo-sub-2191812%22%20slang%3D%22en-US%22%3EPassword%20policy%20for%20Global%20Admins%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2191812%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20All%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHope%20everyone%20is%20well%20and%20keeping%20safe.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20wanted%20to%20find%20out%20something.........is%20it%20possible%20for%20me%20to%20have%20a%20separate%20and%20more%20secure%20password%20policy%20for%20the%20Global%20Admins%20in%20my%20tenant%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2191812%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20Management%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2200604%22%20slang%3D%22en-US%22%3ERe%3A%20Password%20policy%20for%20Global%20Admins%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2200604%22%20slang%3D%22en-US%22%3EThere%20isn't%20a%20way%20that%20I%20have%20seen.%20Fine%20grain%20password%20policies%20only%20apply%20to%20to%20Azure%20AD%20DS.%20It%20is%20worth%20considering%20having%20a%20stronger%20password%20policy%20across%20your%20tenancy%20and%20not%20enforce%20password%20changes.%20This%20is%20in%20line%20with%20MS%20best%20practice.%20See%20this%20guide%20for%20details%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fadmin%2Fmisc%2Fpassword-policy-recommendations%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fadmin%2Fmisc%2Fpassword-policy-recommendations%3Fview%3Do365-worldwide%3C%2FA%3E.%20For%20your%20Administrators%20I%20would%20make%20sure%20that%20MFA%20is%20enforced%20either%20through%20the%20per-user%20policies%2C%20or%20ideally%20through%20conditional%20access.%20This%20should%20give%20you%20a%20lot%20of%20protection.%3C%2FLINGO-BODY%3E
Regular Contributor

Hi All

 

Hope everyone is well and keeping safe.

 

I wanted to find out something.........is it possible for me to have a separate and more secure password policy for the Global Admins in my tenant?

 

 

1 Reply
There isn't a way that I have seen. Fine grain password policies only apply to to Azure AD DS. It is worth considering having a stronger password policy across your tenancy and not enforce password changes. This is in line with MS best practice. See this guide for details: https://docs.microsoft.com/en-us/microsoft-365/admin/misc/password-policy-recommendations?view=o365-.... For your Administrators I would make sure that MFA is enforced either through the per-user policies, or ideally through conditional access. This should give you a lot of protection.