Ensure password protection is enabled for on-prem Active Directory
Why This Matters
Weak passwords are a primary vector for credential-based attacks in hybrid environments. Without Microsoft Entra Password Protection on your on-premises Active Directory, users can still choose weak or commonly leaked passwords that bypass the protections already applied to cloud accounts. Enforcing this feature ensures that banned password lists are consistently applied across all authentication sources, reducing the risk of compromise from password spraying and brute force attacks.
What Aether365 Checks
Aether365 verifies that Microsoft Entra Password Protection is enabled and configured in Enforced mode for your on-premises Active Directory Domain Services environment. This check appears in your Aether365 dashboard under Entra ID security checks as item ENTRA.1155.