Is it possible to change the minimum password length policy for Entra ID in Azure? I've seen all over that it's stuck at 8 characters, which isn't great if you have regulatory needs that require 12 or more characters. If I reach out to Microsoft support, can they adjust this for me?
4 Answers
Unfortunately, you can't change the minimum password length for Entra ID; it's locked at 8 characters. In our organization, we set Intune to require 12 characters for compliance, and Conditional Access checks for this, ensuring the device needs to meet the requirement to log in successfully.
With the push for MFA, some argue this isn't as critical, but it does feel like something that should have been addressed by now, considering security is a big deal.
Of course, it still feels like a feature that should be in place by now, however.
No luck in changing this policy. It's been a request to Microsoft for several years. While some organizations require lengthy passwords and have regulations to enforce that, they seem to be stuck with the 8-character limit for now.
I appreciate your reply.
For those with strict compliance rules (like PCI-DSS, NIST, ISO), Microsoft is aware that this 8-character limit can be problematic. They recommend looking into hybrid identity solutions, Entra Domain Services, or even using SSO or federation to impose tougher policies outside of Azure itself.
Good to know, thanks!

Thanks for the reply, nice approach!