Skip to main content

Default Settings - Password Rule Settings - Enforce custom list

When enabled, the words in the list below are used in the banned password system to prevent easy-to-guess passwords.


Name	EnableBannedPasswordCheck
Control	Default Settings - Password Rule Settings
Description	Define the password protection and Smart Lockout configurations that can be used to customize the tenant-wide and object-specific restrictions and allowed behavior
Severity	High

How to fix

Details of configuration item


Recommendation	Password protection in Microsoft Entra ID - Microsoft Entra ID - Microsoft Learn
Configuration	settings
Setting	`values
Recommended Value	'True'
Default Value	True
Graph API Docs	directorySetting resource type - Microsoft Graph beta - Microsoft Learn
Graph Explorer	Open in Graph Explorer

MITRE ATT&CK

Tactic	Technique	Mitigation
TA0006 - Credential Access - Credential Access	T1110 - Brute Force	M1018 - User Account Management M1027 - Password Policies

How to fix
- Details of configuration item
MITRE ATT&CK