Where to find accounts with leaked passwords


Hi,
we set up password hash sync and everything for Azure AD Password Protection in audit mode.

Now where do I find accounts with a leaked password?

When I try to change a password to some leaked password like asdf123456789, in the event log I see the password would normally have been rejected, but in audit mode it's OK.

So now I need somewhere to view all users with a leaked password.
Where can I find this info?

Hi @Marek_Belan,

Great to hear that you have found your way to use Azure AD Password Protection.

As far as my knowledge goes, you won't be able to request a list of the leaked passwords.
Furthermore, since Microsoft purchases leaked passwords from several sources (e.g., the dark web), you won't get a list of the passwords known as leaked on the so-called Global Banned Password List. The user will only receive a prompt that the password does not meet the length, complexity, or history requirements. It also won't read all the current passwords. Azure AD Password Protection will only audit or enforce newly created/configured passwords.

I hope this answers your question.
Hi,
I don't want to see the leaked passwords!
I want to see which accounts have a leaked password.
Hi, again @Marek_Belan,

You won't be able to see users with a leaked password configured. As stated earlier, when changing the configuration to enforced mode, users will be prevented from setting newly created passwords that are on the (custom and global) banned password lists. The attempt will, of course, be logged.

Does this answer your question?
So we set up Azure AD Password Protection and we can't identify users with leaked passwords??
@Marek_Belan,

Did you already read the Microsoft documentation about this feature? I assume not. Your suggestion would be a great feature request but isn't available at the moment.

--
When a user changes or resets their password, the new password is checked for strength and complexity by validating it against the combined list of terms from the global and custom banned password lists.

Even if a user's password contains a banned password, the password may be accepted if the overall password is otherwise strong enough. A newly configured password goes through the following steps to assess its overall strength to determine if it should be accepted or rejected:
--
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad-on-p...

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-pre...
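To make the quoted "may be accepted if the overall password is otherwise strong enough" concrete, here is an added illustration (not code from this thread or from Microsoft) of the scoring described in the linked documentation: normalize the password, match banned terms as substrings, give one point per match and one per leftover character, and accept at five points or more. The banned list is a constructed sample standing in for the combined global and custom lists, and the edit-distance-one fuzzy matching the service also performs is omitted.

```python
from typing import List, Tuple

# Character substitutions the documentation says are reversed before matching.
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "$": "s", "@": "a"})

# Constructed sample standing in for the combined global + custom banned list.
BANNED_TERMS = ["password", "contoso", "blank", "qwerty"]


def normalize(password: str) -> str:
    """Lowercase and undo common substitutions, e.g. 'P@$$w0rd' -> 'password'."""
    return password.lower().translate(SUBSTITUTIONS)


def score(password: str, banned: List[str] = BANNED_TERMS) -> Tuple[int, List[str]]:
    """Return (points, matched banned terms).

    Each banned-term match counts one point; every character left over
    after the matches are removed counts one point.  Simplified model of
    the documented scoring; fuzzy (edit-distance-one) matching is omitted.
    """
    remaining = normalize(password)
    matched: List[str] = []
    # Longest terms first so 'password' is not split by a shorter term.
    for term in sorted(banned, key=len, reverse=True):
        while term in remaining:
            matched.append(term)
            # Collapse the matched span to a placeholder that no term contains,
            # so characters on either side cannot join into a new match.
            remaining = remaining.replace(term, "\x00", 1)
    leftover = sum(1 for ch in remaining if ch != "\x00")
    return len(matched) + leftover, matched


def is_accepted(password: str, banned: List[str] = BANNED_TERMS, threshold: int = 5) -> bool:
    """A password is accepted when its score reaches the five-point threshold."""
    return score(password, banned)[0] >= threshold


if __name__ == "__main__":
    for candidate in ["P@$$w0rd", "C0ntos0Blank12", "ContosoBlank123"]:
        points, terms = score(candidate)
        verdict = "accepted" if is_accepted(candidate) else "rejected"
        print(f"{candidate}: {points} point(s), banned terms {terms} -> {verdict}")
```

Note that the model only evaluates a password at the moment it is set, which is exactly why this feature cannot report which existing accounts already hold a leaked password.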
Password hash synchronization
Risk detections like leaked credentials require the presence of password hashes for detection to occur. For more information about password hash synchronization, see the article, Implement password hash synchronization with Azure AD Connect sync.

So where is the risk? We set up hash sync, the user has a leaked password, so where do I see a raised risk for this user?
If you want to see a current overview of the Risky sign-ins or Risky users, you must have an Azure AD Premium P2 license. I have written a blog about Azure AD Password Protection that might help you.

https://www.bilalelhaddouchi.nl/index.php/2020/04/24/azure-ad-password-protection/

I would recommend you read the license requirements.
We have Microsoft 365 E5 Security on all users....
In that case, see the following article which gives you insights on how to, e.g., investigate risks within your tenant. But, again, I don't want to sound rude, but these kinds of things can be found on Google easily.

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protectio...

I hope this helps and good luck!
This is the primary problem.
The user has a leaked password BUT DOES NOT HAVE A RAISED RISK.
Hello again. I would advise you to create a support request so one of the Microsoft engineers can dig into this behavior.