Default Settings - Password Rule Settings - Password Protection - Enable password protection on Windows Server Active Directory
Why This Matters
Weak or compromised passwords remain one of the most common attack vectors for Active Directory environments. When password protection is disabled on Windows Server Active Directory, users can select easily guessed passwords, increasing the risk of credential theft, privilege escalation, and unauthorized network access. Enabling this feature forces the use of strong, banned passwords defined in your tenant, directly reducing the attack surface.
What Aether365 Checks
Aether365 verifies that the directory setting to enable password protection on Windows Server Active Directory is set to True. This check appears in the entra-id section of your Aether365 dashboard.