B2C and Global Banned Password List

Gene Calai 1 Reputation point
2022-11-23T21:43:35.74+00:00

I have found articles pertaining to Azure AD using the Global Banned Password list, but have NOT been able to find any references to B2C using the Global Banned Password list.

Does B2C utilize the Global Banned Password list to prohibit users from selecting a previously leaked password?

Thanks,

Gene

Microsoft Entra External ID

2 answers

  1. Dillon Silzer 56,361 Reputation points
    2022-11-23T22:26:34.4+00:00

    Hi @Gene Calai

    1) As far as I can see, you can only do this with a custom policy, as seen at https://learn.microsoft.com/en-us/answers/questions/34579/how-to-enable-azure-b2c-custom-banned-password-lis.html (see answer by SaurabhSharma-msft)

    2) Here is the GitHub repository for implementation:

    A B2C IEF Custom Policy - Sign up and Password reset with banned password list

    https://github.com/azure-ad-b2c/samples/tree/master/policies/banned-password-list-no-API


    If this is helpful please accept answer.


  2. Givary-MSFT 30,756 Reputation points Microsoft Employee
    2022-11-29T10:01:49.893+00:00

    @Gene Calai As I understand it, your question seeks clarity on the "Global Banned Password List" and whether it applies to Azure B2C. The answer is no; we do not have such a capability on B2C for the moment. You can share your feedback here: https://feedback.azure.com/d365community/search/?q=b2c+banned+password, which is closely monitored by our product group team.
