Banned passwords dictionary for offline (Azure AD not possible) networks

Hi,

Does Microsoft have any solutions for setting up banned passwords in an offline Windows domain?

BR

5 Replies

@extragloves

By offline, do you mean on-premises AD? If so, then yes, banned passwords are supported for on-premises AD as well.

Install the Azure AD password protection agent on DCs. See the links below for more info.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad-on-p...

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-pre...


@LM

No, like I said, I'm asking whether this kind of functionality is available for offline networks without the possibility to have Password Protection Proxy servers being online with Azure.

@extragloves

No native AD functionality without Azure AD agent for password blacklisting. There are third-party products that integrate with AD that can provide this functionality.

@extragloves

I will still recommend Azure AD - same solution cloud and on-prem, take advantage of other Azure AD integrations.

Third party - one-off solution for on-prem, requires separate licensing, high TCO, less ROI.

ManageEngine ADSelfService Plus claims to do password blacklisting for on-prem AD; I have not used the tool personally though.