Cloud Only Risky User Password hashes

Maarten Schmeitz 21 Reputation points
2022-02-16T12:40:19.543+00:00

When you have a cloud-only tenant with only cloud-only accounts, or a hybrid tenant with w/o PHS enabled and cloud-only accounts, does Microsoft also check leaked passwords against the password hashes to find risky users?

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

Accepted answer
  1. Clément BETACORNE 2,031 Reputation points
    2022-02-17T08:42:35.13+00:00

    Hello,

    Based on my understanding, Microsoft will report on leaked credentials if your accounts are cloud-only or if password hash sync is enabled:
    https://learn.microsoft.com/en-us/azure/security/fundamentals/steps-secure-identity#:~:text=The%20Users%20with%20leaked%20credentials,sites%20that%20are%20later%20breached.

    "Microsoft finds many of these leaked credentials and will tell you, in this report, if they match credentials in your organization – but only if you enable password hash sync or have cloud-only identities."

    Regards,


1 additional answer

  1. Givary-MSFT 28,576 Reputation points Microsoft Employee
    2022-02-17T10:00:06.623+00:00

    @Maarten Schmeitz

    Refer to the Risk Detection section in this article: https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks#common-questions

    When the Microsoft leaked credentials service acquires user credentials from the dark web, paste sites, or other sources, they are checked against Azure AD users' current valid credentials to find valid matches. For more information about leaked credentials.

    Let me know if you have any questions.
