If you are like most IT administrators, you have long had a mandate to change passwords on a regular basis. You’ve mandated a minimum password length. Yet your users still select guessable passwords. As noted in the Windows 10 1903 security baseline policies, password policies that mandate frequent password changes actually encourage poor password selection.
Your policies should encourage good passwords and block bad ones. One way you can implement this is with Azure AD Password Protection. You’ll need, of course, Azure Active Directory synchronized with your existing AD infrastructure.
First, sign in to the Microsoft Azure portal with a global administrator account. Next, browse to Azure Active Directory and then to the Authentication methods blade, where you’ll see Password protection, as shown:
Azure AD Password Protection authentication methods
You may want to enable a custom banned password list that contains known, commonly used passwords to ensure that they are not used in your network.