Default Settings - Password Rule Settings - Enforce custom list
Why This Matters
Enforcing a custom banned password list prevents users from choosing easily guessed passwords that are commonly targeted in attacks. Without this setting, attackers can use known password lists to compromise accounts, leading to unauthorized access and data breaches. IT administrators should enable this control to strengthen password security against credential stuffing and brute force attacks.
What Aether365 Checks
Aether365 verifies that the "Enforce custom list" setting under password rule settings is enabled for your Microsoft Entra ID tenant. This check appears in the Aether365 dashboard under the entra-id section.
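A way to reproduce this check yourself is sketched below as an added example; it is not Aether365's code. It assumes the tenant's directory settings have been exported from Microsoft Graph (`GET /groupSettings`), that the portal's "Enforce custom list" toggle is stored as `EnableBannedPasswordCheck` in the "Password Rule Settings" object, and that a missing object counts as a failure. It also flags an enabled but empty list, which goes beyond the check described above. The sample response and function name are constructed for illustration.

```python
# Added example: evaluate "Enforce custom list" from an exported
# Microsoft Graph /groupSettings response. Sample data is constructed.

SAMPLE_RESPONSE = {  # constructed, not real tenant data
    "value": [
        {"displayName": "Group.Unified",
         "values": [{"name": "EnableGroupCreation", "value": "true"}]},
        {"displayName": "Password Rule Settings",
         "values": [
             {"name": "EnableBannedPasswordCheck", "value": "True"},
             # Custom banned passwords are stored as one tab-separated string.
             {"name": "BannedPasswordList",
              "value": "contoso\tfabrikam\tcontoso2024"},
             {"name": "LockoutThreshold", "value": "10"},
         ]},
    ]
}


def check_enforce_custom_list(response):
    """Return (passed, reason) for the 'Enforce custom list' control."""
    for setting in response.get("value", []):
        if setting.get("displayName") != "Password Rule Settings":
            continue
        values = {v["name"]: v.get("value") or ""
                  for v in setting.get("values", [])}
        # Graph returns setting values as strings, e.g. "True" / "False".
        flag = str(values.get("EnableBannedPasswordCheck", ""))
        enabled = flag.strip().lower() == "true"
        banned = [w for w in values.get("BannedPasswordList", "").split("\t")
                  if w.strip()]
        if not enabled:
            return False, "Enforce custom list is disabled"
        if not banned:
            # Enabled with nothing to enforce: the control has no effect.
            return False, "Enforce custom list is enabled but the list is empty"
        return True, f"Enforce custom list is enabled with {len(banned)} entries"
    # Assumption of this example: no settings object is treated as a failure.
    return False, "No Password Rule Settings object found"


if __name__ == "__main__":
    passed, reason = check_enforce_custom_list(SAMPLE_RESPONSE)
    print("PASS" if passed else "FAIL", "-", reason)
```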