Calculator for Azure Password Protection. The calculation for what passes as a valid password is difficult to comprehend so I attempted to make a calculator.
https://learn.microsoft.com/en-us/entra/identity/authentication/concept-password-ban-bad
There are notably a few issues:
- the azure in-built password list is hidden
- not all string substitions are given on the documentation
- SSPR can bypass reuse of old password, something I cannot account for
- License Requirement of P1 / P2
- Tenant name matching isn't done when validating passwords on an AD DS domain
AuditLogs
| where OperationName == "Change password (self-service)"
| where ResultDescription == "PasswordDoesnotComplyFuzzyPolicy"
| extend User = tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName)
| summarize count() by User
| where count_ > 1