Microsoft Entra Password Protection detects and blocks known weak passwords and their variants, and can also block additional weak terms that are specific to your organization. When users change or reset their passwords, these banned password lists are checked to enforce the use of strong passwords.
Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|---|
ME-PP-E3 | Password Protection | protect | partial | T1586.003 | Cloud Accounts | Comments: Cloud accounts should have complex and unique passwords across all systems on the network. When a password is changed or reset for any user in a Microsoft Entra tenant, the current version of the global banned password list is used to validate the strength of the password. This validation check results in stronger passwords for all Microsoft Entra customers. License Requirements: Microsoft Entra ID Free, Microsoft Entra ID P1, or Microsoft Entra ID P2 |
ME-PP-E3 | Password Protection | protect | partial | T1078 | Valid Accounts | Comments: Accounts should have complex and unique passwords across all systems on the network. When a password is changed or reset for any user in a Microsoft Entra tenant, the current version of the global banned password list is used to validate the strength of the password. This validation check results in stronger passwords for all Microsoft Entra customers. License Requirements: Microsoft Entra ID Free, Microsoft Entra ID P1, or Microsoft Entra ID P2 |
ME-PP-E3 | Password Protection | protect | partial | T1110.004 | Credential Stuffing | Comments: With Microsoft Entra Password Protection, you can define entries in a custom banned password list. When a password is changed or reset for any user in a Microsoft Entra tenant, the current version of the global banned password list is used to validate the strength of the password. This validation check results in stronger passwords for all Microsoft Entra customers. License Requirements: Microsoft Entra ID Free, Microsoft Entra ID P1, or Microsoft Entra ID P2 |
ME-PP-E3 | Password Protection | protect | partial | T1110.003 | Password Spraying | Comments: Microsoft Entra Password Protection efficiently blocks all known weak passwords likely to be used in password spray attacks. License Requirements: Microsoft Entra ID Free, Microsoft Entra ID P1, or Microsoft Entra ID P2 |
ME-PP-E3 | Password Protection | protect | partial | T1110 | Brute Force | Comments: With Microsoft Entra Password Protection, default global banned password lists are automatically applied to all users in a Microsoft Entra tenant. To support your own business and security needs, you can define entries in a custom banned password list. When a password is changed or reset for any user in a Microsoft Entra tenant, the current version of the global banned password list is used to validate the strength of the password. This validation check results in stronger passwords for all Microsoft Entra customers. License Requirements: Microsoft Entra ID Free, Microsoft Entra ID P1, or Microsoft Entra ID P2 |