Share via


Azure AD Password Policy – Good to know

Characters allowed

  • A – Z
  • a -z
  • 0 – 9
  • @ # $ % ^ & * - _ ! + = [ ] { } | \ : ' , . ? / ` ~ " ( ) ;

Characters not allowed

  • Unicode characters
  • Spaces
  • Strong passwords only: Cannot contain a dot character '.' immediately preceding the '@' symbol

Password restrictions

  • 8 characters minimum and 16 characters maximum
  • Strong passwords only: Requires 3 out of 4 of the following:•Lowercase characters
  • Uppercase characters
  • Numbers (0-9)
  • Symbols (see password restrictions above)

Password expiry duration

  • Default value: 90 days
  • Value is configurable using the Set-MsolPasswordPolicy cmdlet from the Azure Active Directory Module for Windows PowerShell.

Password expiry notification

  • Default value: 14 days (before password expires)
  • Value is configurable using the Set-MsolPasswordPolicy cmdlet.

Password Expiry

  • Default value: false days (indicates that password expiry is enabled)
  • Value can be configured for individual user accounts using the Set-MsolUser cmdlet.

Password history

Last password cannot be used again.

Password history duration

Forever

Account Lockout

After 10 unsuccessful sign-in attempts (wrong password), the user will be locked out for one minute. Further incorrect sign-in attempts will lock out the user for increasing durations.