Banned passwords dictionary for offline (Azure AD not possible) networks


Hi,

Does Microsoft have any solutions for setting up banned passwords in an offline Windows domain?

 

BR

5 Replies

@extragloves 

 

By offline, do you mean on-premises AD? If so, then yes, banned passwords are supported for on-premises AD as well.

 

Install the Azure AD password protection agent on DCs. See the links below for more info.

 

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad-on-premises

 

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-deploy

 

@LM 

 

No, like I said, I'm asking if this kind of functionality is available for offline networks without the possibility of having Password Protection Proxy servers being online with Azure.

@extragloves 

 

No native AD functionality without Azure AD agent for password blacklisting. There are third-party products that integrate with AD and can provide this functionality.

@extragloves 

 

I will still recommend Azure AD - same solution cloud and on-prem, take advantage of other Azure AD integrations

 

Third party - one-off solution for on-prem, requires separate licensing, high TCO, less ROI

 

ManageEngine AD Selfservice Plus claims to do password blacklisting for on-prem AD; I have not used the tool personally though.