Excluding specific Service Accounts OU when enabling the Azure AD Password Protection DC Agent Enforce policy?

EnterpriseArchitect 6,041 Reputation points
2021-10-20T05:24:43.907+00:00

May I know what will be the impact when enabling the Azure AD Password Protection DC Agent using https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-operations#enable-on-premises-password-protection ?

I assume it must be installed in all Domain Controllers in the forest except RODC, not just ones with the FSMO role.

How to exclude specific Service Accounts OU?

I do not want to cause any outage or service account disturbance when I enable the mode to Enforce.
