Password policies for cloud accounts should provide the same options as AD accounts
Azure Active Directory cloud-only accounts don’t adhere to our company's password policies. Notably, the following company standards are not easily implemented (if at all possible) for cloud-only accounts:
Password not derived from User ID
Password history must be significantly different from the previous 24 passwords.
No repeated characters (e.g. AAAAAbl$%)
Exclude keyboard patterns (e.g. QWERTY789)
Account lockout 6 times in a row during a 30-minute time period
Donnie Byrd commented
I second this. We are struggling with implementing the PCI DSS requirements, specifically requirement 8.2.5, which requires users not to be able to use one of the last four passwords.