Hey everyone! I'm looking for advice on how to enforce stronger password requirements for my users on Entra ID. I want to set a minimum password length of 14 characters, but it seems like Entra only allows a minimum of 8 characters with no option to change that. All of our devices are managed via Intune, and the users are solely using Entra ID with no on-premises synchronization. Any suggestions on how to enforce these requirements given the limited controls in Entra? Thanks for any help!
2 Answers
One simple approach is to send an email to your users telling them about the new 14-character minimum requirement. Just remind them how important it is to enhance security by updating their passwords accordingly.
Have you considered investing time into building proper Conditional Access Policies (CAPs) that require Multi-Factor Authentication? You could also look into going passwordless, which is a more secure option.
We do have MFA set up, but unfortunately, the 14-character requirement is something we have to comply with from an external board. It’s frustrating as we even had to disable Windows Hello since it didn’t meet their security standards.