Hey everyone, I'm working on enforcing password policies for a user base that's completely managed through Entra ID. The issue I'm facing is that Entra seems to have a hard limit of 8 characters for password length and I really want to set the minimum to 14 characters. All our devices are managed with Intune and our users are solely on Entra ID, with no on-premises synchronization. I'm looking for suggestions or workarounds to enforce these stronger password requirements beyond what Entra currently allows. Thanks for any help!
2 Answers
Instead of relying solely on those password requirements, you might want to focus on implementing stronger security measures like building proper Conditional Access Policies (CAPS) that enforce Multi-Factor Authentication (MFA). You could also consider moving towards a passwordless approach, which is becoming more popular.
One option could be to send out an email to your users reminding them to create passwords that meet your 14-character minimum. Just make sure to emphasize the importance of following that guideline!
We've definitely got MFA set up, but the password requirement is something the compliance board demands. We even had to disable Windows Hello since it didn't meet their security criteria.
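As an added illustration of the first answer's suggestion (this is example code written for this page, not something any of the posters provided): a Conditional Access policy that requires MFA for every user and every cloud app, created with the Microsoft Graph PowerShell SDK. It assumes the SDK is installed, that the signed-in admin can consent to `Policy.ReadWrite.ConditionalAccess`, and that you substitute the object id of your own emergency-access (break-glass) account for the placeholder GUID. The policy is created in report-only state so sign-in logs can be reviewed before it is switched to enforced.

```powershell
# Added example for this thread, not code from the original posters.
# Creates an Entra ID Conditional Access policy: MFA for all users on all apps,
# excluding one break-glass account so admins cannot lock themselves out.
# Assumptions: Microsoft Graph PowerShell SDK installed; caller can consent to the scopes below.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

# Placeholder: replace with the object id of your emergency-access account.
$breakGlassUserId = "00000000-0000-0000-0000-000000000000"

$policy = @{
    displayName = "Require MFA for all users"
    # Start in report-only mode; change to "enabled" once the sign-in log review looks clean.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeUsers = @("All")
            excludeUsers = @($breakGlassUserId)
        }
        applications = @{
            includeApplications = @("All")
        }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# Sanity check: list all CA policies and their states so the new one can be confirmed
# and any older, weaker policy that overlaps with it can be spotted.
Get-MgIdentityConditionalAccessPolicy | Select-Object DisplayName, State
```

Keeping the break-glass exclusion and the report-only rollout are the two details that most often go wrong in practice; the exclusion prevents a tenant-wide lockout if the MFA provider is unavailable, and report-only lets you see which sign-ins the policy would have blocked before users feel it.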