Share via

Microsoft 365: how to increase minimum password length

ft 61 Reputation points
2022-10-25T08:35:28.883+00:00

"Is there a way to edit the password policy by increasing the minimum password length from 8 - 12 in Azure AD or Office 365 admin center?"
(https://stackoverflow.com/questions/60521841/change-azure-ad-password-policy)

Someone already asked this question two years ago on stackoverflow, so i just repeat it here.

I cant find any settings in Azure (and also not in the new Entra), nor in M365 admin center.
And if, (hopefully) in addition, to force the users to change their password, if it doesnt meet the requirements.

Thank you.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
23,261 questions
Accepted answer
  1. JamesTran-MSFT 36,811 Reputation points Microsoft Employee
    2022-10-25T19:00:37.593+00:00

    @ft
    Thank you for your post!

    When it comes to Azure AD password policies, it isn't possible to change these settings. A password policy is applied to all user accounts that are created and managed directly in Azure AD. Some of these password policy settings can't be modified, though you can configure custom banned passwords for Azure AD password protection or account lockout parameters. For more info - Azure AD password policies.

    253957-image.png

    If you'd like this feature to be available I'd recommend leveraging our User Voice forum and creating a feature request, so our engineering team can look into implementing this. I've also created an internal feature request, so our engineering team is aware of this as well.

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    1 person found this answer helpful.
    0 comments

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Michael Scheidell 15 Reputation points
    2023-04-24T18:53:46.69+00:00

    yes, people have been asking for this for a long time. We have an issue with PCI-DSS ver 4.0 requires a 12 character password. (but, they put in a provision for the 800 lb gorilla in the room. if you use microsoft office365/ azureAD, PCI-DSS allows you to get away with 8 chars.. how nice of them) "8.3.6 If passwords/passphrases are used as authentication factors to meet Requirement 8.3.1, they meet the following minimum level of complexity: • A minimum length of 12 characters (or IF the system does not support 12 characters, a minimum length of eight characters). • Contain both numeric and alphabetic characters."

    3 people found this answer helpful.
    0 comments
  2. rafalzak 3,246 Reputation points
    2022-10-25T09:13:08.303+00:00

    Hi @ft ,

    It's not possible to change Azure AD password policy.
    However if you have on-prem AD you can set password policy there and sync pass to Azure AD.

    0 comments
  3. ft 61 Reputation points
    2022-10-26T14:54:27.017+00:00

    thank you both.
    i even found the old topic in the user voice forum, mentioned in stackoverflow, which is now more than 3 years old.
    https://feedback.azure.com/d365community/idea/928cbe0a-b625-ec11-b6e6-000d3a4f0789

    i try to be optimistic

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.