Password policy in External ID tenants

Question

Is it possible to configure password policy such as complexity and expiration for local accounts in external tenant (CIAM tenant)?

And what is the default password complexity and expiration policy for external ID local accounts?

Answer 1

Hi @Mobu • Thank you for reaching out.

Per my understanding you are looking for 2 things:

1. The ability to customize password complexity and expiration rules for local accounts in an Entra External ID tenant.
2. The default settings for password complexity and expiration for Entra External ID tenants.

You can find the answer to your questions below:

1. At the moment the ability to customize the complexity and expiration rules is not supported in User Flows at Sign-Up. This question was previously asked in this Q&A post as well, I'd recommend the same steps as given there to you as well, to file a feature request here so requests for this functionality can be properly tracked.
2. The defaults are documented in the following Learn article: Microsoft Entra password policies, Microsoft Entra External ID will follow these same defaults.

A minimum of 8 characters and a maximum of 256 characters. Requires three out of four of the following types of characters:

• Lowercase characters
• Uppercase characters
• Numbers (0-9)
• Symbols (see the previous password restrictions)

The new password must not be weak or commonly used. If the tenant was created after 2021, it has no default expiration value, otherwise 90 days is the default value.

You can see this for your specific tenant using the Get-MgDomain cmdlet as per the below sample screenshot.

---

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.