Account/Authentication - Azure Active Directory - Ensure that Password Protection is Enabled for Active Directory

 







Summary

Enabling Azure Active Directory Password Protection for Active Directory helps protect against the use of common passwords. This recommendation applies to hybrid deployments only and is of no use unless you are working with on-premises Active Directory.

Reason

Azure Active Directory protects an organization against the use of weak or leaked passwords and lets it create a list of custom banned passwords, which prevents users from choosing easily guessed passwords that are specific to its industry. Deploying this feature to Active Directory strengthens the passwords used in the environment.

What If?

The impact of this setting depends heavily on the password policies already in place in the environment. Organizations with stronger password policies will be affected minimally. In those without them, implementing Azure Active Directory Password Protection will require users to change their passwords and adhere to more stringent requirements than they are accustomed to.

How to?

To set up Azure Active Directory Password Protection, use the following steps:
  1. Download and install the Azure AD Password Proxies and DC Agents from https://www.microsoft.com/download/details.aspx?id=57071
  2. After completing the installation, log in to https://admin.microsoft.com as a Global Administrator.
  3. Go to Admin centers and click Azure Active Directory.
  4. In the left-side navigation, select Azure Active Directory, then Security, then Authentication methods.
  5. Choose Password protection, toggle Enable password protection on Windows Server Active Directory to Yes, and set Mode to Enforced.
  6. Click Save at the top of the right pane.

      
Monitor:

To verify that Azure Active Directory Password Protection is enabled, use the Microsoft 365 Admin Center:
  1. Log in to https://admin.microsoft.com as a Global Administrator.
  2. Go to Admin centers and click Azure Active Directory.
  3. In the left-side navigation, select Azure Active Directory, then Security, then Authentication methods.
  4. Choose Password protection and make sure Enable password protection on Windows Server Active Directory is set to Yes and Mode is set to Enforced.
  5. Verify that the Domain Controller Agent and Proxies are deployed to the Domain Controllers in the environment.
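
The last monitoring step can be scripted. The following is an added example, not part of the original post: it compares the domain controllers in the current domain against the DC agents and proxies that have registered themselves, using the AzureADPasswordProtection module that is installed with the proxy and DC agent software. The two-day heartbeat threshold and the variable names are assumptions chosen for illustration.

```powershell
#Requires -Modules ActiveDirectory, AzureADPasswordProtection

# Assumption: a DC agent whose last heartbeat is older than this is reported as stale.
$MaxHeartbeatAge = New-TimeSpan -Days 2

# Domain controllers in the current domain only; repeat per domain for a multi-domain forest.
$domainControllers = Get-ADDomainController -Filter *

# DC agents and proxies that have registered in the directory.
$agents  = @(Get-AzureADPasswordProtectionDCAgent)
$proxies = @(Get-AzureADPasswordProtectionProxy)

$nowUtc = (Get-Date).ToUniversalTime()

$report = foreach ($dc in $domainControllers) {
    # Match the DC to its agent registration by fully qualified name.
    $agent = $agents | Where-Object { $_.ServerFQDN -eq $dc.HostName } | Select-Object -First 1

    $status = if (-not $agent) {
        'NoAgent'
    } elseif (($nowUtc - [datetime]$agent.HeartbeatUTC) -gt $MaxHeartbeatAge) {
        'StaleHeartbeat'
    } else {
        'OK'
    }

    [pscustomobject]@{
        DomainController = $dc.HostName
        IsReadOnly       = $dc.IsReadOnly
        AgentVersion     = $agent.SoftwareVersion
        PolicyDateUTC    = $agent.PasswordPolicyDateUTC
        HeartbeatUTC     = $agent.HeartbeatUTC
        Status           = $status
    }
}

$report | Sort-Object Status, DomainController | Format-Table -AutoSize

# The DC agents obtain the password policy through a proxy, so none registered is a finding.
if ($proxies.Count -eq 0) {
    Write-Warning 'No Azure AD Password Protection proxy is registered in this forest.'
} else {
    $proxies | Select-Object ServerFQDN, SoftwareVersion, HeartbeatUTC | Format-Table -AutoSize
}
```

Any row with a Status other than OK is a domain controller where password changes may not be validated against the banned password list.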













