Windows Server 2019 – Banned passwords

If you are an Azure Active Directory customer, you already have access to this new function called banned passwords. The idea is this: Microsoft maintains a global, continuously updated list of commonly used bad passwords (such as the word password) and automatically blocks all variants of them, such as P@ssword, Password123, and so on. Any of these candidate passwords is rejected outright if a user ever tries to set one as their own password. You can also add your own custom banned passwords in the Azure Active Directory interface. Once banned passwords are up and running in Azure, the same capability can be extended to your on-premises Active Directory environment by deploying the Azure Active Directory password protection proxy service (whew, that’s a mouthful). This proxy sits between your on-premises Domain Controllers and your Azure Active Directory, ensuring that passwords users attempt to set on your local Domain Controllers comply with the rules defined by Azure’s banned password algorithms.
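To make the "variants of password" idea concrete, here is an added illustration (not Microsoft's implementation, whose global list and scoring rules are theirs): a small checker that normalises a candidate password by stripping trailing digits and symbols, lower-casing it, and undoing common character substitutions, then rejects it if the result contains a word from a constructed global list or a custom list. The banned words, the substitution table and the substring-match rule are assumptions made for this example.

```python
"""Simplified banned-password check modelled on the behaviour described above.

Added example, not Microsoft's code: it approximates the effect of blocking
P@ssword, Password123 and similar variants of a banned base word.
"""
from typing import Iterable, Optional

# Constructed sample lists; the real global list is maintained by Microsoft.
GLOBAL_BANNED = {"password", "welcome", "letmein", "qwerty"}
CUSTOM_BANNED = {"contoso", "fabrikam"}   # organisation-specific words (assumed)

# Common character substitutions people use to dodge a plain word list.
SUBSTITUTIONS = str.maketrans({
    "@": "a", "4": "a", "$": "s", "5": "s", "0": "o",
    "1": "i", "!": "i", "3": "e", "7": "t", "|": "l",
})

TRAILING_JUNK = "0123456789!@#$%^&*()_-+=.?"


def normalize(candidate: str) -> str:
    """Strip trailing digits/symbols, lower-case, then undo substitutions."""
    stripped = candidate.rstrip(TRAILING_JUNK)
    return stripped.lower().translate(SUBSTITUTIONS)


def banned_match(candidate: str,
                 banned: Optional[Iterable[str]] = None) -> Optional[str]:
    """Return the banned word the candidate is a variant of, or None."""
    words = set(banned) if banned is not None else GLOBAL_BANNED | CUSTOM_BANNED
    norm = normalize(candidate)
    for word in sorted(words):
        if word in norm:            # substring match also catches "mypassword1"
            return word
    return None


def is_allowed(candidate: str, banned: Optional[Iterable[str]] = None) -> bool:
    """True when the candidate is not a variant of any banned word."""
    return banned_match(candidate, banned) is None


if __name__ == "__main__":
    for pw in ("P@ssword", "Password123", "Contoso2019!", "Tr0ub4dor&3"):
        print(f"{pw!r:16} -> {'blocked' if not is_allowed(pw) else 'allowed'}")
```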

In order to use this technology, you must of course be using Azure Active Directory, so this isn’t for everyone. However, if you do have Azure Active Directory and sync to it, this capability also works with older versions of on-premises Domain Controllers, as far back as Windows Server 2012.

