Share via

Where can I validate the encryption used for passwords within Azure AD?

Jeffe 1 Reputation point
2020-07-10T15:00:12.513+00:00

I have an okay understanding of how passwords are stored and secured for on-prem Active Directory. However, how are they stored/encrypted for a fully cloud environment utilizing Azure Active Directory?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
24,238 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vasil Michev 116.9K Reputation points MVP
    2020-07-10T15:42:04.027+00:00
  2. Danny Zollner 10,721 Reputation points Microsoft Employee
    2022-02-14T20:37:41.127+00:00

    Page 16 of https://aka.ms/aaddatawhitepaper

    Hash: Password Key Derivation
    Function 2 (PBKDF2), using HMAC SHA256 @ 1000 iterations

    For password hash sync, the on premises account password hash is
    salted and rehashed. Cloud account
    passwords are salted and hashed.
    The resulting one-way hash derived
    from this operation is encrypted at rest
    (see the "Secret encryption at rest" row
    of this table for details).
    It is important to note that only this
    derivative is stored in the cloud service.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.