Azure AD Password protection with on premise Domain password policy

CAGNON, Gerard 21 Reputation points
2023-01-03T15:01:14.49+00:00

Hello,

I have a question on Azure AD Password Protection. If I install it on all DCs of a domain, will the user password change continue to meet the local domain password policy?
How will the password be validated? (GPO verification --> Azure Password Protection validation, Azure Password Protection validation --> GPO verification?)

Thank you in advance for your help :)

Microsoft Security | Microsoft Entra | Microsoft Entra ID

Accepted answer
  1. TP 126.3K Reputation points Volunteer Moderator
    2023-01-03T15:43:44.317+00:00

    Hi,

    Yes, passwords will need to meet domain requirements as well as Azure AD Password Protection, assuming you have "Passwords must meet complexity requirements" Enabled. And if you have any other password filter DLLs (besides AAD Password Protection), the passwords would need to be acceptable to those as well.

    All of the password filters installed on the system must return true for a password to be accepted.

    Some references if you would like to learn more:

    https://learn.microsoft.com/en-us/windows/win32/secmgmt/strong-password-enforcement-and-passfilt-dll

    https://learn.microsoft.com/en-us/windows/win32/api/ntsecapi/nc-ntsecapi-psam_password_filter_routine

    https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-faq#is-it-supported-to-install-azure-ad-password-protection-side-by-side-with-other-password-filter-based-products

    -TP
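
The rule in the accepted answer (every installed filter must return true), as a small C model added here; it is not Microsoft's code and not part of the original answer. `filter_fn`, both filter functions, the banned-term list, the account `jdoe` and the sample passwords are constructed for illustration. The model makes no claim about the order in which Windows calls real filters; it shows that under an all-must-pass rule the verdict is the same in either order.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for a password filter routine: true means acceptable. */
typedef bool (*filter_fn)(const char *account, const char *password);
/* Case-insensitive substring test (strcasestr is not standard C). */
static bool contains_ci(const char *hay, const char *needle) {
    size_t n = strlen(needle), i;
    for (; n && *hay; hay++) {
        for (i = 0; i < n && tolower((unsigned char)hay[i]) == tolower((unsigned char)needle[i]); i++) {}
        if (i == n) return true;
    }
    return false;
}

/* Model of the domain complexity rule: 3 of 4 character classes, no account name. */
bool complexity_filter(const char *account, const char *password) {
    bool up = false, lo = false, di = false, sy = false;
    for (const unsigned char *p = (const unsigned char *)password; *p; p++) {
        if (isupper(*p)) up = true; else if (islower(*p)) lo = true;
        else if (isdigit(*p)) di = true; else sy = true;
    }
    return up + lo + di + sy >= 3 && !contains_ci(password, account);
}

/* Model of a banned-term filter; the term list is constructed for this example. */
bool banned_filter(const char *account, const char *password) {
    static const char *const banned[] = { "password", "contoso", "welcome" };
    (void)account;
    for (size_t i = 0; i < sizeof banned / sizeof *banned; i++)
        if (contains_ci(password, banned[i])) return false;
    return true;
}

/* The change is accepted only if every registered filter returns true. */
bool accepted(const filter_fn *f, size_t n, const char *acct, const char *pw) {
    for (size_t i = 0; i < n; i++)
        if (!f[i](acct, pw)) return false;
    return true;
}

int main(void) {
    const filter_fn a[] = { complexity_filter, banned_filter }, b[] = { banned_filter, complexity_filter };
    const char *pw[] = { "Contoso2023!", "summerxk9q", "T7#mq-Lw2vZr" }; /* constructed samples */
    for (int i = 0; i < 3; i++)
        printf("%-13s A=%d B=%d\n", pw[i], accepted(a, 2, "jdoe", pw[i]), accepted(b, 2, "jdoe", pw[i]));
    return 0;
}
```

Only the third sample passes: the first satisfies the complexity model but contains a banned term, and the second clears the banned list but has only two character classes.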

