This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 55.00000000000001%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGC%3C/text%3E%3C/svg%3E)
I have found articles pertaining to Azure AD using the Global Banned Password list, but have NOT been able to find any references to B2C using the Global Banned Password list.
Does B2C utilize the Global Banned Password list to prohibit users from selecting a previously leaked password?
Thanks,
Gene
Hi @Gene Calai
1) As far as I can see you can only do this with a custom policy as seen at https://learn.microsoft.com/en-us/answers/questions/34579/how-to-enable-azure-b2c-custom-banned-password-lis.html (see answer by SaurabhSharma-msft)
2) Here is the github for implementation:
A B2C IEF Custom Policy - Sign up and Password reset with banned password list
https://github.com/azure-ad-b2c/samples/tree/master/policies/banned-password-list-no-API
If this is helpful please accept answer.
DillonJS,
From what I have found there is a "Global Banned Password List" and the capability to implement your own "Custom banned password list". See: https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad. These appear to be separate features of Azure AD.
The link you provide seems to discuss implementing your own "Custom". My question is to seek clarity on the "Global Banned Password List" and does it apply to Azure B2C?
I'm not sure if Azure B2C password changes are using all the same logic/capabilities of Azure AD and it's password protection.
The question I have is "Is Azure AD Password Protection used with B2C password changes and thus checking against Microsoft's Global Banned Password List?"
Thanks,
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
@Gene Calai As I understand your question is to seek clarity on the "Global Banned Password List" and does it apply to Azure B2C? - Answer is no, we do not have such capability on B2C for the moment. You can share your feedback here https://feedback.azure.com/d365community/search/?q=b2c+banned+password which is closely monitored by our product group team.