So, you have deployed and registered your Azure AD Password Protection agents in your on-premises environment (see https://t.co/PnWZiWbWic).

Now you can manage this feature by controlling how it works: manage your own banned passwords list, enforce the feature, or enable Smart Lockout (to reduce the risk of your AD account getting locked because somebody is trying to guess your password).

To manage Azure AD Password Protection, connect to your Azure portal (or Azure AD portal) with your global administrator account and go to the Authentication methods configuration blade, found under the Security option of your Azure AD.

From this blade you have only one configuration option for Password Protection.

The Password Protection blade will then let you configure:

  • the Smart Lockout threshold
  • the duration of the lockout
  • enable/disable and manage your own banned passwords list
  • enable/disable the use of Azure AD Password Protection
  • and finally, enforce the use of Azure AD Password Protection. The default mode (after the activation of the agents) is Audit. Enforce mode prevents your end users from using any banned/blocked password

NOTE: a banned password cannot be longer than 16 characters.
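
As an added example (not part of the original post and not Microsoft tooling), this Python script lints a custom banned passwords list against the 16-character limit noted above before you paste it into the blade. The 4-character minimum, the 1000-term cap and the substitution map are assumptions taken from Microsoft's documentation; `lint_banned_list` and the sample terms are constructed for illustration.

```python
MAX_LEN = 16      # limit stated in the note above
MIN_LEN = 4       # assumption: minimum length per Microsoft's documentation
MAX_TERMS = 1000  # assumption: list size cap per Microsoft's documentation
# Assumption: a sample of the character substitutions the service normalises
# on its own, so variants that differ only by these are redundant entries.
FOLD = str.maketrans({"0": "o", "1": "l", "$": "s", "@": "a"})


def lint_banned_list(lines):
    """Return (accepted, rejected); rejected holds (term, reason) tuples."""
    accepted, rejected, seen = [], [], {}
    for raw in lines:
        term = raw.strip()
        if not term:
            continue  # ignore blank lines
        if len(term) > MAX_LEN:
            rejected.append((term, "longer than 16 characters"))
            continue
        if len(term) < MIN_LEN:
            rejected.append((term, "shorter than 4 characters"))
            continue
        # The list is matched case-insensitively, so compare folded forms.
        key = term.lower().translate(FOLD)
        if key in seen:
            rejected.append((term, f"duplicate of {seen[key]!r} after normalisation"))
            continue
        if len(accepted) >= MAX_TERMS:
            rejected.append((term, "list already holds 1000 terms"))
            continue
        seen[key] = term
        accepted.append(term)
    return accepted, rejected


# Constructed sample input, not a real organisation's list.
SAMPLE = ["Contoso", "contoso", "C0nt0s0", "abc",
          "ContosoHeadquarters2024", "  Seattle  ", ""]

if __name__ == "__main__":
    ok, bad = lint_banned_list(SAMPLE)
    print("accepted:", ok)
    for term, reason in bad:
        print(f"rejected: {term!r}: {reason}")
```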