Strengthen password security

Help protect against breaches caused by lost or stolen credentials.

Password policy best practices

When it comes to password safety, the stronger the password protection policy is, the better. To help improve security, basic authentication should be replaced with stronger verification methods, such as multifactor authentication.

Password protection for Azure Active Directory

Password protection for Azure Active Directory (Azure AD) detects and blocks known weak passwords and their variants, and other common terms specific to your organization. It also includes custom banned password lists and self-service password reset capabilities.

Block weak passwords in the cloud

Cloud-based password protection can help you stop weak passwords, their variants, and other risky terms from being used in your organization.

Block weak passwords on-premises

On-premises password protection uses the same global and custom banned password lists that are stored in Azure AD. It also checks for the same password changes that Azure AD monitors in the cloud.

Minimize friction with self-service management

Azure AD self-service capabilities help users reset their passwords when prompted, verify sign-ins when risky behavior is detected, and update their security information.

Take a deep dive into Azure AD password protection

Additional password protection resources


Get an overview of authentication and verification methods in Azure AD.

How-to guides

See step-by-step guidance to plan a self-service password reset.


Learn how to help users unlock their accounts or reset passwords.

Safeguard your organization with a seamless identity solution

Multifactor authentication in Azure Active Directory adds more security than simply using a password when a user signs in. The user can be prompted for additional forms of authentication, such as responding to a push notification, entering a code from a software or hardware token, or responding to a text message or phone call.