Jul 01 2023 09:31 AM
Even if a user's password contains a banned password, the password change has been accepted.
I have configured on-premises Azure Active Directory Password Protection on a customer tenant.
But even if a user's password contains a banned password, the server accepts the banned password.
It says it is compliant!
Troubleshooting shows that all are right.
VerifyProxyConnectivity
VerifyAzureConnectivityViaSpecificProxy
Test-AzureADPasswordProtectionDCAgentHealth -VerifyProxyConnectivity domain.com
Test-AzureADPasswordProtectionDCAgentHealth -VerifyAzureConnectivityViaSpecificProxy domain.com
Troubleshooting DC Agent
DC agent health tests
Test-AzureADPasswordProtectionDCAgentHealth -VerifyPasswordFilterDll
Test-AzureADPasswordProtectionDCAgentHealth -TestAll
Troubleshooting Proxy
Proxy verification of all tests
Test-AzureADPasswordProtectionProxyHealth -TestAll
DC Agent version is the latest version: 1.2.177.1
Do you have any ideas why it is not working?
Microsoft says that even if the user's password contains a banned word, the password change will be accepted if it is compliant with password policy complexity 🙂
Does anyone have experience with this?
Thanks in advance!
Farhad
Jul 02 2023 08:04 AM
Jul 06 2023 12:01 PM
@fkh090 - Refer to the "Score Calculation" section in this article: Password protection in Azure Active Directory - Microsoft Entra | Microsoft Learn. Even if you have a banned word in your password, you may get an acceptable password if you have additional characters in your password that bring your score up to 5.
Example:
Banned Word: Password
Password: Password1! (Score: 3 -> Rejected)
Password: P@ssword (Score: 1 -> Rejected)
Password: Passw0rd1!@#$% (Score: 7 -> Accepted)
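
The score calculation the reply above refers to, as an added example that is not part of the thread and not Microsoft's code. It is a simplified Python model with hypothetical function names: it assumes only the character substitutions Microsoft's documentation gives as examples (0→o, 1→l, $→s, @→a) and exact substring matching, and leaves out the fuzzy edit-distance check and the global banned list.

```python
# Added example: simplified model of the documented score calculation.
# Assumptions: substitution table limited to the documented examples,
# exact matching only (no edit-distance-1 fuzzy match, no global list).

SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "$": "s", "@": "a"})
MIN_SCORE = 5  # a password needs at least 5 points to be accepted


def normalize(text):
    """Lowercase, then undo common character substitutions."""
    return text.lower().translate(SUBSTITUTIONS)


def score_password(password, banned_terms):
    """One point per banned term found, one point per remaining character."""
    norm = normalize(password)
    # Normalize the banned terms too; try longer terms first at each position.
    terms = sorted({normalize(t) for t in banned_terms if t},
                   key=len, reverse=True)
    score = 0
    i = 0
    while i < len(norm):
        match = next((t for t in terms if norm.startswith(t, i)), None)
        # A whole banned term collapses to a single point.
        i += len(match) if match else 1
        score += 1
    return score


def is_accepted(password, banned_terms):
    return score_password(password, banned_terms) >= MIN_SCORE


if __name__ == "__main__":
    banned = ["Password"]  # the banned word from the reply's example
    for candidate in ["Password1!", "P@ssword", "Passw0rd1!@#$%"]:
        points = score_password(candidate, banned)
        verdict = "Accepted" if is_accepted(candidate, banned) else "Rejected"
        print(f"{candidate!r}: score {points} -> {verdict}")
```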