Trace Id is missing
Skip to main content
Microsoft Security

Strengthen password security

Help protect against breaches caused by lost or stolen credentials.

Azure AD is now part of Microsoft Entra

Step into tomorrow with Microsoft Entra, the new family of multicloud identity and access products to help you secure access for a connected world.

Password policy best practices

When it comes to password safety, the stronger the password protection policy is, the better. To help improve security, basic authentication should be replaced with stronger verification methods, such as multifactor authentication.

Authentication Using Password

Password protection for Azure Active Directory

Password protection for Azure Active Directory (Azure AD) detects and blocks known weak passwords and their variants, and other common terms specific to your organization. It also includes custom banned password lists and self-service password reset capabilities.

Block weak passwords in the cloud

Cloud-based password protection can help you stop weak passwords, their variants, and other risky terms from being used in your organization.

Block weak passwords on-premises

On-premises password protection uses the same global and custom banned password lists that are stored in Azure AD. It also checks for the same password changes that Azure AD monitors in the cloud.

Minimize friction with self-service management

Azure AD self-service capabilities help users reset their passwords when prompted, verify sign-ins when risky behavior is detected, and update their security information.

Take a deep dive into Azure AD password protection

Additional password protection resources


Get an overview of authentication and verification methods in Azure AD.

How-to guides

See step-by-step guidance to plan a self-service password reset.


Learn how to help users unlock their accounts or reset passwords.

Safeguard your organization with a seamless identity solution

Follow Microsoft 365