jkerai1/AzurePasswordProtectionCalculator

AzurePasswordProtectionCalculator

Calculator for Azure Password Protection. The calculation for what passes as a valid password is difficult to comprehend, so I attempted to make a calculator.

https://learn.microsoft.com/en-us/entra/identity/authentication/concept-password-ban-bad

There are notably a few issues:

  • The Azure in-built password list is hidden. UPDATE: The list was dumped and has now been included in the tool!
  • Not all string substitutions are given in the documentation
  • SSPR can bypass reuse of old password, something I cannot account for
  • License requirement of P1 / P2
  • Tenant name matching isn't done when validating passwords on an AD DS domain

Score Calculation

image

Fuzzy Matching Behaviour

image

Normalization

image

Password Requirements

image

Ref: https://learn.microsoft.com/en-us/entra/identity/authentication/concept-sspr-policy#microsoft-entra-password-policies

Example

image
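A simplified model of the normalization, fuzzy-matching and scoring rules, written as an added example for this page and not taken from the tool's own code. It assumes only the four substitutions named in the linked Microsoft documentation, exact substring matching for scoring, and an edit-distance-of-one check against the whole password; the function names and the sample banned list are illustrative.

```python
# Added example: simplified model of the documented rules, not the tool's code.
# Assumption: only the substitutions named in the Microsoft documentation are
# applied; the service's full substitution table is not published.
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "$": "s", "@": "a"})
MIN_SCORE = 5  # documented minimum number of points for acceptance

def normalize(password):
    """Lowercase, then apply the common character substitutions."""
    return password.lower().translate(SUBSTITUTIONS)

def within_one_edit(a, b):
    """True if a and b differ by at most one insert, delete or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]   # skip one substituted character
    return a[i:] == b[i + 1:]           # skip one inserted character

def score(password, banned):
    """Lowest score: each banned term found = 1 point, each other char = 1."""
    pw = normalize(password)
    terms = [normalize(t) for t in banned]
    best = [0] + [len(pw) + 1] * len(pw)  # best[i] = minimum points for pw[:i]
    for i in range(len(pw)):
        best[i + 1] = min(best[i + 1], best[i] + 1)          # single character
        for t in terms:
            if t and pw.startswith(t, i):                    # banned term here
                best[i + len(t)] = min(best[i + len(t)], best[i] + 1)
    return best[-1]

def is_accepted(password, banned):
    """Reject near-copies of a banned term, then require MIN_SCORE points."""
    pw = normalize(password)
    if any(within_one_edit(pw, normalize(t)) for t in banned):
        return False
    return score(password, banned) >= MIN_SCORE

if __name__ == "__main__":
    banned = ["contoso", "blank"]  # sample custom banned list for illustration
    for candidate in ("C0ntos0Blank12", "ContoS0Bl@nkf9!", "Contoso1"):
        print(candidate, normalize(candidate), score(candidate, banned),
              is_accepted(candidate, banned))
```

The model leaves out tenant-name and user-name matching and the separate length and complexity requirements, so an accepted result here is necessary but not sufficient.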

Audit

image

KQL

// Users with more than one self-service password change rejected by the fuzzy-matching policy
AuditLogs
| where OperationName == "Change password (self-service)"
| where ResultDescription == "PasswordDoesnotComplyFuzzyPolicy"
| extend User = tostring(parse_json(tostring(InitiatedBy.user)).userPrincipalName)
| summarize count() by User
| where count_ > 1

Featured on Entra News Issue 26 https://entra.news/p/entranews-26-your-weekly-dose-of
