Azure AD Password Policy
Azure AD should provide more parameters to configure as per the users need.
For example as per my organisation's Security policy, the minimum password length required is 12. But there is no way to configure this parameter from 8.
The Azure AD platform should provide the ability for users to configure the below password policy at least.
1. Password history
2. Password complexity of temporary password generated by Azure
3. Password length
Christian Barnes commented
This is absolutely essential- especially for THE cloud identity provider.
Like most comments on here- my organisation also has specific password requirements currently not being met by cloud only Azure AD.
Microsoft- please see this and at least consider it!
Microsoft- please see this
Neil Heaton commented
Does this cover guest users - when you invite a guest user to your tennancy the password complexity is set by Microsoft account which meets a share of security requirements but there is nowhere that they have to change the password after x days
Fredrik de Mander commented
It would be perfect if you could apply password conditions to security groups so that you may more easily manage different users instead of having to do changes for each and every one.
Baffling that something so basic is not implemented. We can't move to AzureAD just because we need LocalAD to sync our password policy.
First one is indeed a must features. Mostly the organizations have this as one of the password policy rule they need to be compliant with.
Thought that this was an late season aprils fools joke...
We have spend the last few years hardening our On-prem infrastructure, and recently began moving towards an "Azure only" policy - meaning no sync from On-prem to Azure, but instead do a clean cut, and start fresh in Azure...
So far it seems that Azure AD is a poor version of Windows Server 2003 / 2008, with lack of password policy, PS CmdLets, policies, etc...
According to our PCI standards, we NEED to have atleast 20 characters, and prove and password policy for this in an audit!!!
Severn Dickinson commented
Agreed. The Azure AD password settings seem non-existant. Why isnt this inline with on-prem active directory? I need to enforce password of more than 8 characters!
Jared B. commented
Seems like a no brainer to be implemented. Google, Okta, Onelogin, AWS, etc all have it, where is MSFT on this?
Microsoft. Identity is important.
Matthew Baldwin commented
We are having the same issues on our current project.
Charles Jacks commented
Agreed, the password policy in Azure AD should work like Active Directory (on prem) or Azure AD B2C, which does have more flexibility over setting password policies. The limit of 16, forcing a specific password restriction set, etc. are all outdated ideas. If there is a setting for passwords, then it needs to be adjustable. For example, we should be able to set passwords to as weak or as strong as we like for complexity and length.
Microsoft has this in place for Active Directory, why not in Azure AD?
Being able to deliver password policies based on groups (fine-grain control) would be excellent as well.