Helping Users Choose Secure Passwords with Azure AD Password Protection

By Brett Benson| July 01, 2019

Despite the rising number of data breaches as a result of compromised user passwords, we’re still seeing an alarming number of users put themselves and the companies they work for at risk by using extremely common and easily guessable passwords. This leaves organizations vulnerable to what is known as password spraying attacks – when a cybercriminal attempts to access a large number of accounts with just a few commonly used passwords. These types of attacks are easy for cybercriminals to implement at scale, and could have devastating consequences to your organization when they inevitably come around.

The simplest way to prevent password spraying is to simply choose better passwords. However, it can be difficult to ensure internal employees understand the importance of having a strong password, let alone knowing how to create one.

This is where Azure AD can help. As you build better security best practices throughout your organization, it’s important that you’re aware of Azure AD password protection and looks for ways to utilize this technology to help secure your environment.

What is Azure AD Password Protection?

Azure AD Password Protection is a feature of Azure Active Directory that validates a user password against global or custom banned password lists whenever a user changes or resets their password.

You can utilize Azure AD Password Protection to help users choose secure passwords in your on-premises environment. By blocking passwords present on the global banned password lists, and by defining custom lists specific to your organization, Azure AD Password Protection is one of your best options for preventing against password spray attacks.

How to Get Started

Azure AD Password Protection for hybrid environments is included in Azure AD Premium P1 or P2. Organizations using cloud-only identity can utilize Azure AD Password Protection with Azure AD for free. Many customers already own this solution as part of their Office 365 subscription but aren’t aware that they could be utilizing it.

Azure AD Password Protection is easy to configure for use with Windows Server Active Directory to protect your on-premises accounts. It does not require additional networks ports to be opened on the domain controllers or the domain controllers to communicate directly, making this an easy choice to implement in your environment.

Managed Defense

Password protection is just one of the many components of a strong cyber defense. There are also an abundance of other security tools that you’ll want in your arsenal. However, many organizations still struggle to understand which solutions will actually make them more secure. A Managed Defense team, powered by Microsoft 365, can help your organization stay agile and competitive while protecting you from today’s most prevalent and emerging threats.

Leveraging opportunities in the cloud