Forum Discussion
O365 password complexity
I've just tried to go over this and it seems incredibly long-winded. Why on earth do Microsoft make it so complicated to adjust password policies?
Unfortunately the documentation did not work/the steps were broken, and I don't really understand the whole B2C concept or what it is exactly. This should be much simpler and built into the Exchange admin area along with the password expiration options. I really don't understand the thought process behind this.
Thanks anyway, we will just stick with the 8-16 (16 is also an incredibly short limit??) they claim as 'strong'.
Thanks
Rob
This is a common ask, but Microsoft hasn't communicated any plans to change it. The usual recommendation is to redirect the auth process on-premises by either AD FS or PTA so that the on-premises policies are honored.
- NetzenRob, Jan 25, 2019, Copper Contributor
Yup, but there are for sure millions of customers who don't have on-prem servers and just use O365.
Hopefully they make the system more comprehensive soon.
- Jan 25, 2019
Hi NetzenRob,
Agree with everyone here that there are some limitations on the passwords.
If you want to up the strength of the front door, as 100% cloud users you should be able to enforce Multi-Factor Authentication (MFA) and then combined with the Microsoft Authenticator app this will give you much stronger protection even with 'weak' 16-character passwords.
Just a recommendation.
Best, Chris
- Jan 25, 2019
Very good point Chris!! No password will ever be better than having MFA, no matter the policy
- Jan 25, 2019
@vasil, do you know more about the Azure policies?