7,023 questions
Excluding specific Service Accounts OU when enabling the Azure AD Password Protection DC Agent Enforce policy ?

EnterpriseArchitect
6,041
Reputation points
May I know what will be the impact when enabling the Azure AD Password Protection DC Agent using https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-operations#enable-on-premises-password-protection ?
I assume it must be installed in all Domain Controllers in the forest except RODC, not just ones with the FSMO role.
How to exclude specific Service Accounts OU?
I do not want to cause any outage or service account disturbance when I enable the mode to Enforce.
Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Microsoft Security | Microsoft Entra | Microsoft Entra ID
25,134 questions
Microsoft Security | Microsoft Entra | Other
2,597 questions
Sign in to answer