Is it possible to export all the password hashes from an Azure AD?

Andreu Martínez, Óscar 20 Reputation points
2023-11-30T08:31:33.31+00:00

A brief introduction:

One of the regular security activities we perform in our company is to extract all the password hashes from the Active Directory and try to crack them on an offline dedicated computer using leaked passwords and other dictionaries in combination with an extensive set of mangling rules.

This process ensures that the passwords being used in our company not only comply with the security policies but also are not easy to guess.

The problem:

One of our branches is starting to use only AAD, so at this moment this security test cannot be performed.

Is there a way to get all the hashes from an Azure AD?

Thanks in advance.

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

Accepted answer
  1. Vasil Michev 100.1K Reputation points MVP
    2023-11-30T08:39:15.4266667+00:00

    No, there is no way to export them. If you are worried about people using common or leaked passwords, enable the password protection feature: https://learn.microsoft.com/en-us/entra/identity/authentication/concept-password-ban-bad

    It's not fully customizable, but it's the best you can get with Entra ID. Alternatively, you can use an auth method that redirects the process to your on-premises or federated identity provider, which will give you more freedom.

