2,596 questions
well, you are using Entra :)
If you want to use Entra password protection you need the correct license:
Entra on-premise password protection, without deploying Azure, hybrid environment
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 28.000000000000004%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3E3%3C/text%3E%3C/svg%3E)
300cPilot
0
Reputation points
We have an on prem AD, with one way AD sync to M365 on E3 level. We are looking for clarification to the following question, want to know if it is possible to deploy Entra on-premise password protection, without deploying Azure/Entra AD?
Microsoft Security | Microsoft Entra | Other
3 answers
Sort by: Most helpful
-
Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator2024-04-17T20:37:57.45+00:00 -
300cPilot 0 Reputation points
2024-04-17T21:24:33.1033333+00:00 M365 E3 licensing includes the Entra P1 license. The link you included has the following, "On-premises AD DS users that aren't synchronized to Microsoft Entra ID also benefit from Microsoft Entra Password Protection based on existing licensing for synchronized users." Can you tell me if this means that a one way sync, from prem to Entra/Azure, will work?
Sign in to comment -
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 45%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAV%3C/text%3E%3C/svg%3E)
Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator2024-04-25T10:16:34.8433333+00:00 Hi @300cPilot
Thank you for reaching out to the community forum!
To answer your question, Deploying Microsoft Entra on-premises password protection requires integration with Entra ID (Azure AD). Microsoft Entra Password Protection is an Azure feature that supports being extended into an on-premises Active Directory environment.
To protect your on-premises Active Directory Domain Services (AD DS) environment, you can install and configure Microsoft Entra Password Protection to work with your on-premises domain controller (DC)
Hope this helps. Do let us know if you any further queries.
Thanks,
Akhilesh.
If this answers your query, do click
Accept AnswerandYesfor was this answer helpful. And, if you have any further query do let us know.-
Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator
2024-04-28T14:56:37.6633333+00:00 Hi @300cPilot
Following up to see if the above answer was helpful. If this answers your query, do click
Accept AnswerandYesfor was this answer helpful. And, if you have any further query do let us know. -
Akhilesh Vallamkonda 15,320 Reputation points Microsoft External Staff Moderator
2024-05-02T03:04:42.47+00:00 Hi @300cPilot
Following up to see if the above answer was helpful. If this answers your query, do click
Accept AnswerandYesfor was this answer helpful. And, if you have any further query do let us know. -
300cPilot 0 Reputation points
2024-05-07T20:18:13.9833333+00:00 This is still not clear as to what we need to do. Is there instructions somewhere that go through the setup process? These will need to call out "Local AD" setup.
Thanks,
Sign in to comment -
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
Givary-MSFT 35,626 Reputation points Microsoft Employee Moderator2024-05-08T03:23:26.7033333+00:00 @300cPilot Here is the link for deployment of Password protection - https://learn.microsoft.com/en-us/entra/identity/authentication/howto-password-ban-bad-on-premises-deploy A
As you asked above clarification on this statement "On-premises AD DS users that aren't synchronized to Microsoft Entra ID also benefit from Microsoft Entra Password Protection based on existing licensing for synchronized users" - as per my understanding is that the on prem users are covered by the existing licenses for the synced users.
Let me know if you have any questions, feel free to post back.
-
300cPilot 0 Reputation points
2024-05-08T15:28:11.29+00:00 I have read that link before. Maybe I am not seeing the whole picture. I believe we will do a test install and see where it gets us. Thanks all!
Sign in to comment -