Azure AD Password Protection detects and blocks known weak passwords and their variants, and can also block additional weak terms that are specific to your organization. Azure AD Password Protection provides a global banned password list that is automatically applied to all users in an Azure AD tenant. The Azure AD Identity Protection team constantly analyzes Azure AD security telemetry data looking for commonly used weak or compromised passwords. When weak terms are found, they're added to the global banned password list. To support your own business and security needs, you can define entries in a custom banned password list. When users change or reset their passwords, these banned password lists are checked to enforce the use of strong passwords.
Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|---|
azure_active_directory_password_protection | Azure Active Directory Password Protection | protect | partial | T1110 | Brute Force | |
azure_active_directory_password_protection | Azure Active Directory Password Protection | protect | partial | T1110.001 | Password Guessing | |
azure_active_directory_password_protection | Azure Active Directory Password Protection | protect | partial | T1110.002 | Password Cracking | |
azure_active_directory_password_protection | Azure Active Directory Password Protection | protect | partial | T1110.003 | Password Spraying | |
azure_active_directory_password_protection | Azure Active Directory Password Protection | protect | partial | T1110.004 | Credential Stuffing | |