Forum Discussion

NetzenRob's avatar
NetzenRob
Copper Contributor
Jan 25, 2019

O365 password complexity

Hello, We have 10 small business premium licenses and wish to setup the following password complexity requirements but it isn't obvious where I set this in the Office 365 admin portal.   be a ...
office 365
NetzenRob's avatar
NetzenRob
Copper Contributor

Yup, but there are for sure millions of customers who don't have on-prem servers and just use O365.

Hopefully they make the system more comprehensive soon.

ChrisHoardMVP's avatar
ChrisHoardMVP
MVP
Jan 25, 2019
Hi NetzenRob,

Agree with everyone here that there is some limitations on the passwords.

If you want to up the strength of the front door, as 100% cloud users you should be able to enforce Multi-Factor Authentication (MFA) and then combined with the Microsoft Authenticator app this will give you much stronger protection even with 'weak' 16 character passwords.

Just a recommendation.

Best, Chris
  • tonyinthecloud's avatar
    tonyinthecloud
    Brass Contributor
    Aug 11, 2021

    ChrisHoardMVP It is awesome that Microsoft shuts down User Voice after pushing everyone to use that for feedback on features and behaviors that are lacking in the product.  It was bad enough that many important behaviors were not included, and often took years through the User Voice channel.  Now it seems they just don't want to hear it and there is no viable avenue to get these features or behaviors improved in M365.

  • adam deltinger's avatar
    adam deltinger
    MVP
    Jan 25, 2019
    Very good point Chris!! No password will ever be better than having MFA , no matter policy
  • NetzenRob's avatar
    NetzenRob
    Copper Contributor
    Jan 25, 2019
    Thanks guys but we really just want to alter the minimum password length in o365 at the moment to 10chrs.
    Should be easy but isn’t.

    Thanks
    Rob
  • ChrisHoardMVP's avatar
    ChrisHoardMVP
    MVP
    Jan 25, 2019
    Yea - FIDO 2 Security Key with Windows Hello on Azure AD Joined machines.
  • ChrisHoardMVP's avatar
    ChrisHoardMVP
    MVP
    Jan 25, 2019
    Thanks NetzenRob

    Yes, it should. If MFA or Azure AD Connect via Local AD (As Vasil suggested) is not an option then the only possible course of action will be to add your name to the uservoice here

    https://office365.uservoice.com/forums/289138-office-365-security-compliance/suggestions/17888683-allow-alteration-to-the-global-azure-ad-password-p

    Unfortunately, this has been asked for a very long time and its unlikely that they will change the default Azure AD Password Policy any time soon. Wish I could help more.

    Hope that answers your question.

    Best, Chris

Resources