Microsoft 365: how to increase minimum password length

ft 51 Reputation points

"Is there a way to edit the password policy by increasing the minimum password length from 8 - 12 in Azure AD or Office 365 admin center?"

Someone already asked this question two years ago on stackoverflow, so i just repeat it here.

I cant find any settings in Azure (and also not in the new Entra), nor in M365 admin center.
And if, (hopefully) in addition, to force the users to change their password, if it doesnt meet the requirements.

Thank you.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
17,469 questions
0 comments No comments
{count} vote

Accepted answer
  1. JamesTran-MSFT 34,036 Reputation points Microsoft Employee

    Thank you for your post!

    When it comes to Azure AD password policies, it isn't possible to change these settings. A password policy is applied to all user accounts that are created and managed directly in Azure AD. Some of these password policy settings can't be modified, though you can configure custom banned passwords for Azure AD password protection or account lockout parameters. For more info - Azure AD password policies.


    If you'd like this feature to be available I'd recommend leveraging our User Voice forum and creating a feature request, so our engineering team can look into implementing this. I've also created an internal feature request, so our engineering team is aware of this as well.

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.


    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    0 comments No comments

3 additional answers

Sort by: Most helpful
  1. Michael Scheidell 10 Reputation points

    yes, people have been asking for this for a long time. We have an issue with PCI-DSS ver 4.0 requires a 12 character password. (but, they put in a provision for the 800 lb gorilla in the room. if you use microsoft office365/ azureAD, PCI-DSS allows you to get away with 8 chars.. how nice of them) "8.3.6 If passwords/passphrases are used as authentication factors to meet Requirement 8.3.1, they meet the following minimum level of complexity: • A minimum length of 12 characters (or IF the system does not support 12 characters, a minimum length of eight characters). • Contain both numeric and alphabetic characters."

    2 people found this answer helpful.
    0 comments No comments

  2. rafalzak 3,216 Reputation points

    Hi @ft ,

    It's not possible to change Azure AD password policy.
    However if you have on-prem AD you can set password policy there and sync pass to Azure AD.

    0 comments No comments

  3. ft 51 Reputation points

    thank you both.
    i even found the old topic in the user voice forum, mentioned in stackoverflow, which is now more than 3 years old.

    i try to be optimistic

    0 comments No comments