Azure ad password policy best practices

• A minimum of 8 characters and a maximum of 256 characters.
• Requires three out of four of the following: Lowercase characters. Uppercase characters. Numbers (0-9). Symbols (see the previous password restrictions).

1. What is the best practice for password policy?
2. Where do I put password complexity in Azure AD?
3. What isn't a recommended practice when it comes to password policies?

What is the best practice for password policy?

Best practices for password policy

Configure a minimum password length. Enforce password history policy with at least 10 previous passwords remembered. Set a minimum password age of 3 days. Enable the setting that requires passwords to meet complexity requirements.

Where do I put password complexity in Azure AD?

In the Azure portal, search for and select Azure AD B2C. Select User flows. Select a user flow, and click Properties. Under Password complexity, change the password complexity for this user flow to Simple, Strong, or Custom.

What isn't a recommended practice when it comes to password policies?

Additional Recommendations - Do not use:

Passwords that have been compromised in previous breaches. Words that can be found in the dictionary. Repetitive or sequential characters such ("aaaaaaaa" or "1234abcd")