Default Settings - Password Rule Settings - Enforce custom list
When enabled, the words in the list below are used in the banned password system to prevent easy-to-guess passwords.
| Name | EnableBannedPasswordCheck |
| Control | Default Settings - Password Rule Settings |
| Description | Define the password protection and Smart Lockout configurations that can be used to customize the tenant-wide and object-specific restrictions and allowed behavior |
| Severity | High |
How to fix
Details of configuration item
| Recommendation | Password protection in Microsoft Entra ID - Microsoft Entra ID - Microsoft Learn |
| Configuration | settings |
| Setting | `values |
| Recommended Value | 'True' |
| Default Value | True |
| Graph API Docs | directorySetting resource type - Microsoft Graph beta - Microsoft Learn |
MITRE ATT&CK
| Tactic | Technique | Mitigation |
|---|---|---|
| TA0006 - Credential Access | T1110 - Brute Force | M1018 - User Account Management, M1027 - Password Policies |
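
The check described under "Details of configuration item", as an added example that is not part of the original page or of any tool's own code. It assumes the Graph beta `settings` response carries `displayName` and `values` name/value pairs, that the custom list is stored under `BannedPasswordList`, and that a missing object or value falls back to the default `True` listed above; the function name and the sample response are constructed for illustration.

```python
import json

# Constructed sample of a GET /beta/settings response (not from a real tenant).
SAMPLE_RESPONSE = json.loads("""
{"value": [{"displayName": "Password Rule Settings",
  "values": [
    {"name": "EnableBannedPasswordCheck", "value": "False"},
    {"name": "BannedPasswordList", "value": ""}]}]}
""")


def check_banned_password_setting(response):
    """Return (compliant, reason) for the EnableBannedPasswordCheck item."""
    for setting in response.get("value", []):
        if setting.get("displayName") != "Password Rule Settings":
            continue
        values = {v["name"]: v.get("value") for v in setting.get("values", [])}
        raw = values.get("EnableBannedPasswordCheck")
        if raw is None:
            # Assumption: an absent value means the default from the page applies.
            return True, "value not set; default True applies"
        # Setting values arrive as strings, so compare text rather than bool.
        if str(raw).strip().lower() != "true":
            return False, f"EnableBannedPasswordCheck is {raw!r}, expected 'True'"
        # Enabled but with nothing in the custom list: compliant, worth a note.
        if not (values.get("BannedPasswordList") or "").strip():
            return True, "enabled, but the custom list is empty"
        return True, "enabled with a custom list"
    # Assumption: no settings object means the tenant runs on defaults.
    return True, "no Password Rule Settings object; default True applies"


if __name__ == "__main__":
    print(check_banned_password_setting(SAMPLE_RESPONSE))
```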