Azure Active Directory only restricts the last password from being reused when resetting a password. Can we configure it to restrict the last 4 passwords from being reused?

Adeel Shahzad 1 Reputation point
2022-08-03T23:37:44.993+00:00

PCI DSS requirement 8.2.5 states: do not allow an individual to reuse the last 4 or more passwords.

We are using Azure Active Directory for authentication and access to CHD.

Is there any way we can configure AAD so that, while resetting a password, a user can't use the last four passwords?

Microsoft Entra

1 answer

  1. Sandeep G-MSFT 20,756 Reputation points Microsoft Employee
    2022-08-08T17:14:58.13+00:00

    @Adeel Shahzad

    If users in Azure Active Directory were synced from on-premises AD, then the on-premises password policy gets applied to users. You can add this restriction to the on-premises password policy.

    If all users were created directly in cloud, then the cloud password policy gets applied to users.

    For now, we do not have an Azure AD password policy restriction that will not allow users to use previous passwords.

    You can also refer to the article below for more information on which restrictions are included in the Azure AD password policy:
    https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts

    You can provide your feedback in the Azure feedback portal by accessing the link below. This feedback is directly monitored by our PMs.
    https://feedback.azure.com/d365community/forum/22920db1-ad25-ec11-b6e6-000d3a4f0789

    Hope this answers your question.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
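
For the synced-user case described in the answer above, one way to audit the on-premises password history setting against the 4-password requirement quoted in the question. This is an added example, not part of the original thread or Microsoft's own code; it assumes a domain-joined host with the RSAT ActiveDirectory module, and the function name `Test-PasswordHistoryCompliance` is hypothetical.

```powershell
# Added example: audit on-premises AD password history against a minimum of 4.
# Assumes the ActiveDirectory module (RSAT) and read access to password policies.
Import-Module ActiveDirectory

$RequiredHistory = 4   # value quoted in the question for PCI DSS 8.2.5

function Test-PasswordHistoryCompliance {
    param([int]$Minimum = 4)

    $results = @()

    # Default domain policy: applies to every user not covered by a fine-grained policy.
    $default = Get-ADDefaultDomainPasswordPolicy
    $results += [pscustomobject]@{
        Policy       = 'Default domain policy'
        Precedence   = $null
        HistoryCount = $default.PasswordHistoryCount
        Compliant    = $default.PasswordHistoryCount -ge $Minimum
    }

    # Fine-grained policies override the default for the users and groups they
    # apply to, so a weaker one can silently exempt accounts from the requirement.
    foreach ($pso in Get-ADFineGrainedPasswordPolicy -Filter *) {
        $results += [pscustomobject]@{
            Policy       = $pso.Name
            Precedence   = $pso.Precedence
            HistoryCount = $pso.PasswordHistoryCount
            Compliant    = $pso.PasswordHistoryCount -ge $Minimum
        }
    }
    $results
}

$report = Test-PasswordHistoryCompliance -Minimum $RequiredHistory
$report | Format-Table -AutoSize

# Preview the fix for the default policy; remove -WhatIf to apply it.
$defaultRow = $report | Where-Object { $_.Policy -eq 'Default domain policy' }
if (-not $defaultRow.Compliant) {
    Set-ADDefaultDomainPasswordPolicy -Identity (Get-ADDomain).DistinguishedName `
        -PasswordHistoryCount $RequiredHistory -WhatIf
}
```

Per the answer above, this only covers users synced from on-premises AD; cloud-only accounts fall under the Azure AD password policy, which the answer says has no such restriction.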

