Course: Microsoft Security Essentials: Concepts, Solutions, and AI-Powered Protection

Microsoft Entra ID: Password management

- [Instructor] Passwords are still the most common form of authentication, so it's important to manage passwords properly. Microsoft Entra ID provides several ways to protect passwords. Its built-in password policy enforces the password requirements, such as the minimum password length, the password complexity by using a mix of uppercase characters, lowercase characters, numbers, and symbols, and the password expiration duration. Password lockout handles multiple unsuccessful sign-in attempts, and the banned password list blocks the usage of weak passwords and their variations, such as password1. Microsoft maintains a global banned password list. Organizations can also set up their custom banned password list. And in a hybrid environment that includes both cloud and on-premises, Microsoft Entra password protection can be integrated with an on-premises Active Directory. Microsoft Entra ID also supports self-service password reset, or SSPR, so users can change their passwords without involving the help desk. You can configure the authentication methods for the self-service password reset.

Now let's look at the password protection in the Microsoft Entra Admin Center. Here I can set up the lockout threshold. Lockout threshold refers to how many failed sign-ins on the account are allowed before its first lockout. For example, 10 times. Lockout duration, for example, 60 seconds. I can set up and enforce my custom banned password list. For example, I don't want to include my demo company name and some job roles in the passwords. I can enter them here. I can also enable password protection for Windows Server Active Directory.

Next, let's look at self-service password reset. Click Password Reset. I can enable the self-service password reset for the selected group or all users. Then I will configure the authentication methods for the self-service password reset. I can select if it requires one-step verification or two-step verification. Then choose the authentication methods available to users. For example, email or mobile phone.
