Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Banned passwords dictionary for offline (Azure AD not possible) networks

Copper Contributor


Does Microsoft have any solutions for setting up banned passwords in an offline Windows domain?



5 Replies



By offline, do you mean on-premises AD then yes banned passwords are supported for on-premises AD as well.


Install the Azure AD password protection agent on DCs. See the links below for more info




No like I said, I'm asking is this kind of functionality is available for offline networks without the possibility to have Password Protection Proxy servers beeing online with Azure.



No native AD functionality without Azure AD agent for password blacklisting. There are third party products that integrate with AD can provide this functionality.



I will still recommend Azure AD - same solution cloud and on-prem, take advantage of other Azure AD integrations


Third party - one -off solution for on-prem, requires separate licensing, high TCO, less RIO 


ManageEngine AD Selfservice Plus claims do password blacklisting for on-prem AD, I have not used the tool personally though.