Easy passwords

Daniel Ideho 5 Reputation points
2025-01-07T14:45:37.52+00:00

Is it possible to make a policy which does not allow easy passwords like qwerty1234?

Microsoft Security | Intune | Security

2 answers

  1. ZhoumingDuan-MSFT 17,365 Reputation points Microsoft External Staff
    2025-01-08T02:36:30.0666667+00:00

    @Daniel Ideho, Thanks for posting in Q&A.

    From your description, I know you are looking for a policy to not allow easy passwords.

    As @Michael Taylor mentioned, the best way to prevent “simple” passwords is to add password complexity rules. Based on my research, there is a policy in Intune called LAPS, for managing the local administrator password, in which you can configure a password complexity rule. You can refer to the following:

    https://www.anoopcnair.com/implement-password-complexity-policy-intune/

    Non-official, just for reference.

    Hope it will help.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. Michael Taylor 61,186 Reputation points
    2025-01-07T15:09:16.0066667+00:00

    Define "easy". What you consider easy may be difficult for someone else or very difficult for a bot. For example, a1b2c3d4e5 is a very simple password for a human to figure out, but a bot would probably struggle with it. There are lists of weak passwords available, but in my experience MS doesn't use any of that. We use Azure B2C, and on every security pen test we get flagged for allowing "weak" passwords.

    The best way to prevent "easy" passwords is to increase the password complexity rules. Changing the required char classes to include all types (upper, lower, digits, symbols) prevents simple passwords but not things like qwerty_1234 or qwerty_!234. Unfortunately, I don't know that you can do anything more complex. Intune, AFAIK, doesn't support custom password policies.

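The gap discussed in the answers above, shown as an added example that is not part of the thread and not an Intune or Azure B2C feature: a character-class rule next to a pattern check that also looks for deny-listed words, keyboard runs and interleaved sequences. All function names, the deny-list fragment and the sample passwords (capitalised variants of the ones quoted in the thread) are constructed for illustration.

```python
import re

# Constructed deny-list fragment (assumption); a real one would be far larger.
BANNED_WORDS = {"password", "qwerty", "letmein", "welcome"}
# Keyboard rows, digit order and the alphabet, matched forwards and backwards.
SEQUENCES = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
             "0123456789", "abcdefghijklmnopqrstuvwxyz"]
# Symbol-for-character swaps undone before matching, e.g. "!234" -> "1234".
SUBSTITUTIONS = str.maketrans({"!": "1", "@": "a", "$": "s"})

def meets_complexity(pw, min_len=8):
    """Character-class rule: minimum length plus upper, lower, digit, symbol."""
    classes = [r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]"]
    return len(pw) >= min_len and all(re.search(c, pw) for c in classes)

def has_run(text, min_run=4):
    """True if any min_run-long slice of text lies on a known sequence."""
    for i in range(len(text) - min_run + 1):
        chunk = text[i:i + min_run]
        if any(chunk in seq or chunk in seq[::-1] for seq in SEQUENCES):
            return True
    return False

def weakness_reasons(pw):
    """Return the reasons a password is guessable despite its character mix."""
    norm = pw.lower().translate(SUBSTITUTIONS)
    joined = re.sub(r"[^a-z0-9]", "", norm)   # separators removed
    letters = re.sub(r"[^a-z]", "", norm)     # letters-only projection
    digits = re.sub(r"[^0-9]", "", norm)      # digits-only projection
    reasons = []
    if any(word in joined for word in BANNED_WORDS):
        reasons.append("banned word")
    if has_run(joined):
        reasons.append("keyboard or sequential run")
    elif has_run(letters) or has_run(digits):
        # Catches patterns such as a1b2c3d4e5, where two runs are interleaved.
        reasons.append("interleaved sequence")
    return reasons

if __name__ == "__main__":
    # Constructed samples for the demonstration.
    for sample in ["Qwerty_1234", "Qwerty_!234", "A1b2c3d4e5!", "Vn7#kT2m!xRq"]:
        print(sample, meets_complexity(sample), weakness_reasons(sample))
```

The first three samples satisfy the character-class rule and are still reported as weak; only the last one passes both checks.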
