Banned passwords dictionary for offline (Azure AD not possible) networks

Hi,

Does Microsoft have any solutions for setting up banned passwords in an offline Windows domain?

 

BR

5 Replies

@extragloves 

 

By offline, do you mean on-premises AD? Then yes, banned passwords are supported for on-premises AD as well.

 

Install the Azure AD password protection agent on DCs. See the links below for more info.

 

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad-on-p...

 

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-pre...

 

@LM 

 

No, like I said, I'm asking if this kind of functionality is available for offline networks without the possibility to have Password Protection Proxy servers being online with Azure.

@extragloves 

 

No native AD functionality without Azure AD agent for password blacklisting. There are third-party products that integrate with AD and can provide this functionality.

@extragloves 

 

I will still recommend Azure AD - same solution for cloud and on-prem, and you can take advantage of other Azure AD integrations.

 

Third party - one-off solution for on-prem, requires separate licensing, high TCO, less ROI.

 

ManageEngine ADSelfService Plus claims to do password blacklisting for on-prem AD; I have not used the tool personally though.