Share via

B2C and Global Banned Password List

Gene Calai 1 Reputation point
2022-11-23T21:43:35.74+00:00

I have found articles pertaining to Azure AD using the Global Banned Password list, but have NOT been able to find any references to B2C using the Global Banned Password list.

Does B2C utilize the Global Banned Password list to prohibit users from selecting a previously leaked password?

Thanks,

Gene

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Dillon Silzer 57,831 Reputation points Volunteer Moderator
    2022-11-23T22:26:34.4+00:00

    Hi @Gene Calai

    1) As far as I can see you can only do this with a custom policy as seen at https://learn.microsoft.com/en-us/answers/questions/34579/how-to-enable-azure-b2c-custom-banned-password-lis.html (see answer by SaurabhSharma-msft)

    2) Here is the github for implementation:

    A B2C IEF Custom Policy - Sign up and Password reset with banned password list

    https://github.com/azure-ad-b2c/samples/tree/master/policies/banned-password-list-no-API

    If this is helpful please accept answer.

  2. Givary-MSFT 35,626 Reputation points Microsoft Employee Moderator
    2022-11-29T10:01:49.893+00:00

    @Gene Calai As I understand your question is to seek clarity on the "Global Banned Password List" and does it apply to Azure B2C? - Answer is no, we do not have such capability on B2C for the moment. You can share your feedback here https://feedback.azure.com/d365community/search/?q=b2c+banned+password which is closely monitored by our product group team.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.