How can we improve Azure Active Directory?

Customizable Password Policy and Account Locking Features

1. Configurable password requirements (e.g., complex passwords, password length, character limitations etc)
2. Configurable number of attempts before Account is locked

38 votes
Sign in
Sign in with: Microsoft
Signed in as (Sign out)

We’ll send you updates on this idea

Andy T shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

Hey folks, thanks for the interest in this, and we have some good news to share. Configurable lockout is in development now (mostly done, actually) and we’re aiming for June or July public preview.

For configurable password complexity, length, etc, we hear you. Longer passwords are in planning now, and we’re thinking about our approach to how we want to enable the other configurability features. I don’t have any more details to share on this for now, but we do have interest in building features.


Sign in
Sign in with: Microsoft
Signed in as (Sign out)
  • Mike commented  ·   ·  Flag as inappropriate

    Where is this at? The last comment was nearly a year ago that work was underway with and estimated delivery of last July.

  • jimmy commented  ·   ·  Flag as inappropriate

    How is it going with strong password policies? When can we configure. Password length, complexity, lookout? Your recommendation is to have two cloud global admin outside sync to ensure access to office 365. We want to make sure these accounts are enforced for strong passwords.

    It would also be great if you could skip 16 letter limits so we can make service accounts more secure in a cloud environment.

  • Anonymous commented  ·   ·  Flag as inappropriate

    I wholeheartedly approve of Microsoft new guidance on not requiring users to change their passwords at regular intervals as this tends to weaken the types of passwords a user choose.

    However, the maximum length of 16 characters for AzureAD account passwords is really not sufficient to allow users to set good passwords based on combining random words.

    Given this limitation is not present in on-prem AD, I presume there is some compatibility issue with legacy products that prevents it being allowed in AzureAD?

    I would rather than the option of enabling it with caveat that some applications won't work (if they are listed) than restrict my users to weak passwords.

  • Gururaj Pandurangi commented  ·   ·  Flag as inappropriate

    Is this feature now being planned?
    Please advise on the availability of this. Looks like its been ~2yrs for this request

  • Erwen commented  ·   ·  Flag as inappropriate

    We'd also like to manage password policy for Azure AD. This is mainly to restrict admin access to the Azure portal.

Feedback and Knowledge Base