How to Get Weak Password Users Report in Azure AD

Allowing your Microsoft 365 users to sign in with weak passwords poses a significant risk to your organization's data. Easily guessable passwords are susceptible to brute-force attacks and can be compromised by intruders. Regularly monitoring users with weak passwords and enforcing strong password policies are essential for security. Get insights into weak passwords to enhance your security posture.

Using Microsoft Entra Admin Center

Microsoft 365 Permission Required
Global Admin, Security Admin, Password Admin, Global Reader or Security Reader
  • Sign in to the Microsoft Entra admin center.
  • Go to the 'All users' tab under Identity»Users.
  • Select the desired user and click on the 'Properties' tab.
  • Here, you can see whether the selected user is allowed a weak password by checking for 'DisableStrongPassword' under Password policies. The presence of 'DisableStrongPassword' indicates that the user is allowed to set a weak password.

Using Windows PowerShell

Microsoft 365 Permission Required
Global Admin, Security Admin, Password Admin, Global Reader or Security Reader
  • Use the following commands to identify users who are allowed to use weak passwords.
     Connect-MsolService
     Get-MsolUser -All | Where-Object { $_.StrongPasswordRequired -eq $false }
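
The same check can be run through Microsoft Graph PowerShell by reading each user's passwordPolicies value. The following is an added example, not AdminDroid's code: the function name Get-WeakPasswordAllowedUser and the sample accounts are constructed for illustration, and the tenant query at the end assumes the Microsoft.Graph module is installed.

```powershell
# Added example; the function name and sample rows are illustrative.
function Get-WeakPasswordAllowedUser {
    [CmdletBinding()]
    param(
        # Any object exposing UserPrincipalName, AccountEnabled and PasswordPolicies
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User
    )
    process {
        # passwordPolicies is a single comma-separated string such as
        # "DisablePasswordExpiration, DisableStrongPassword"; it may be empty or "None".
        $flags = @("$($User.PasswordPolicies)" -split ',' |
            ForEach-Object { $_.Trim() } |
            Where-Object { $_ })
        if ($flags -contains 'DisableStrongPassword') {
            [pscustomobject]@{
                UserPrincipalName    = $User.UserPrincipalName
                AccountEnabled       = $User.AccountEnabled
                PasswordNeverExpires = $flags -contains 'DisablePasswordExpiration'
                PasswordPolicies     = $flags -join ', '
            }
        }
    }
}

# Constructed sample rows (not real accounts) so the filter can be exercised offline.
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example';    AccountEnabled = $true;  PasswordPolicies = 'None' }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example';      AccountEnabled = $true;  PasswordPolicies = 'DisableStrongPassword' }
    [pscustomobject]@{ UserPrincipalName = 'svc-scan@contoso.example'; AccountEnabled = $true;  PasswordPolicies = 'DisablePasswordExpiration, DisableStrongPassword' }
    [pscustomobject]@{ UserPrincipalName = 'carol@contoso.example';    AccountEnabled = $false; PasswordPolicies = $null }
)
$sample | Get-WeakPasswordAllowedUser | Format-Table -AutoSize

# Against a tenant, with a read-only scope:
# Connect-MgGraph -Scopes 'User.Read.All'
# Get-MgUser -All -Property UserPrincipalName,AccountEnabled,PasswordPolicies |
#     Get-WeakPasswordAllowedUser |
#     Export-Csv -Path .\WeakPasswordAllowed.csv -NoTypeInformation
```

Accounts that combine DisableStrongPassword with DisablePasswordExpiration are worth reviewing first, since a weak password on such an account is never forced to change.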

Accurately monitor users with weak passwords for improved protection!

AdminDroid's Azure AD reporting tool offers comprehensive insights into user activities, MFA, passwords, licenses, and more. With detailed reports, admins can efficiently monitor and control user-related information in the Microsoft Entra ID portal to enhance security and compliance.

Hub for Streamlined M365 Passwords Reporting

Simplify password management with our Microsoft 365 password dashboard, offering insights on password policy status, password expiry, password never changed, and more.

Enhance Security with AdminDroid's SSPR Monitoring

AdminDroid enables real-time monitoring of user self-service password resets (SSPR) to ensure swift and secure password changes.

Enhanced Visualization of Expired Password Metrics

With AdminDroid's advanced graphs and charts, visualize the daily password expired summary in your Microsoft 365 organization.

Automated MFA Reports for Weak Password Users

With scheduling capability, you can automatically get the MFA non-activated users in your inbox. This helps you to enable the MFA for users with weak passwords.

Real-Time Monitoring of User Password Changes with AdminDroid

With AdminDroid, monitor M365 user password changes in real-time and assess their strength instantly if required.

Alert on Risky Sign-ins Activity to prevent password spray attacks

Set up alerts for risky sign-ins in your tenant to find out the suspicious logins caused by the password spray attacks.

AdminDroid offers detailed reports for managing Office 365 password metrics and enforcing robust password policies. Gain real-time insights into account lockouts, login failures, and self-service password resets to detect and address potential threats promptly. Maintaining continuous visibility into password-related activities will enhance your security and compliance.

Important Tips

Configure Microsoft 365 smart lockouts to block suspicious logins and protect your organization from password spray attacks.

Create strong password policies in Azure AD to prevent users from choosing weak or easily guessable passwords, thereby reducing the risk of account compromise.

Consider implementing multi-factor authentication in Microsoft 365 to add an extra layer of security to user accounts. This extra step enhances security, even if passwords are compromised.

Common Errors and Resolution Steps

The following are the possible errors and troubleshooting hints while dealing with Microsoft 365 weak passwords.

Error You can’t reset your own password because the password reset isn’t properly set up for your organization.

This error occurs when users try to reset their password while self-service password reset is disabled in your organization.

Fix You must contact your administrator to reset your password and to check your organization’s setup.

Error The value must be between 5 and 18000 (Occurring while setting out the lockout duration in Entra ID).

The lockout duration in Azure AD password protection can be set between 5 seconds and 18000 seconds (5 hours).

Fix Adjust the value to a higher number within the valid range (e.g., 30 seconds, 60 seconds).

Error Update-MgUser : Insufficient privileges to complete the operation.

This error occurs when the user connects to the Microsoft Graph PowerShell module without the required permissions.

Fix Connect the Microsoft Graph module with global admin or security admin privileges.
Connect-MgGraph -Scopes "User.ReadWrite.All","Group.ReadWrite.All"

Error Set-MsolUser : Access Denied. You do not have permissions to call this cmdlet.

The error indicates that the user running the PowerShell command does not have the necessary permissions to execute the operation.

Fix Ensure that the user account executing the PowerShell script has the appropriate permissions assigned in Microsoft 365. This typically requires administrative privileges or specific roles assigned within the Microsoft 365 admin center.

Error Update-MgUser: The specified user ID is invalid or does not exist.

This error occurs when the user ID provided to the Update-MgUser cmdlet is incorrect or doesn't correspond to an existing user in the Microsoft 365 environment.

Fix Double-check the user ID you're using in the command and ensure that it matches the ID of an existing user. You can verify the user ID by using commands like Get-MgUser or by checking the user's details in the Microsoft 365 admin center.

Frequently Asked Questions

Identify Microsoft 365 Users with Weak Password Allowed to Strengthen Password Security

What are the Microsoft 365 password complexity requirements?

By default, Entra ID enforces password complexity to enhance security. Users must include a combination of character types in their passwords based on the Office 365 password complexity settings. Below are the character restrictions allowed in Microsoft 365.

Character Restrictions:

  • Uppercase letters (A-Z)
  • Lowercase letters (a-z)
  • Numbers (0-9)
  • Symbols (e.g., !@#$%^&*)

Password Length

Ensure passwords are between 8 and 256 characters long. (Recent update: maximum length extended from 16 to 256 characters)

Password reset history

Users can reuse their last password when resetting a forgotten password.

Password Complexity Requirements

Ensure passwords contain at least three of the following: lowercase characters, uppercase characters, numbers (0-9), and symbols.

Password Expiry Duration

The default Microsoft 365 password expiry is set to 90 days (about 3 months). This is a global setting that applies to the entire organization.

Password Expiry Notification

Default notification will be sent 14 days before password expiry. The specific combination of character types and minimum password complexity requirements for Office 365 depend on how detailed your organization's policy settings are configured.

Why is it important to use a strong password policy in Microsoft 365?

Using a strong password policy in Microsoft 365 is crucial in avoiding risky sign-ins and protecting sensitive data. It strengthens overall security, mitigating the risk of cyber threats and data breaches.

However, disabling password complexity requirements in Microsoft 365 can have significant security implications:

  • Increased Vulnerability to Password Guessing: Without complex requirements, users may choose simple and easily guessable passwords, increasing susceptibility to password spray attacks. This makes it easier for attackers to compromise accounts and gain illicit access through automated login attempts.
  • Higher Risk of Credential Theft: Weak passwords are more susceptible to credential theft techniques such as phishing, where attackers trick users into disclosing their login credentials. Once obtained, these credentials can be used to compromise confidential data and resources.
  • Compromised User Accounts: Accounts with weak passwords are easier targets for attackers, putting sensitive information, documents, and internal systems at risk. This vulnerability increases the chances of unauthorized access, leading to potential data breaches, financial losses, and harm to the organization's reputation.

Overall, disabling password complexity in Microsoft 365 weakens security and raises the risk of cyberattacks and data breaches. Thus, maintaining strong password policies is crucial to protect organizational assets.

What is the password strength policy for Microsoft 365?

Strong passwords in Microsoft 365 are crucial to protect sensitive data and prevent security breaches. Keeping your Microsoft 365 password requirements up to date further strengthens your user accounts against brute-force attacks.

Understanding how to create robust passwords within M365 is key to maintaining a secure environment. While the password strength policy may vary based on organizational settings, certain elements remain consistent.

  • Minimum Length: Specifies the minimum number of characters required for a password. This is often set to a value of 8 or higher by default.
  • Password Expiration: Specifies how often users must change their passwords. This can range from a few days to several months.

Set Password Expiration Setting in Microsoft 365 Admin Center

  • Log in to the Microsoft 365 admin center.
  • Navigate to Settings»Org settings.
  • Click Security & privacy»Password expiration policy.
  • Here, you can select the number of days under 'Days before passwords expire' to notify users regarding the password expiration.

What is password protection in Azure AD?

Microsoft Entra ID offers specialized password protection settings that can be customized to suit your organization's specific needs and preferences.

  • Navigate to Protection»Authentication methods.
  • Under this category, select the password protection.
  • Smart Account Lockout Threshold: Limits the number of failed login attempts before an account is temporarily locked out for security purposes.
  • Lockout duration in seconds: The default Microsoft 365 Password Policy for lockout duration is 60 seconds (1 minute).
  • Configure Custom Banned Passwords: Azure AD Password Protection allows you to create a list of custom banned passwords in addition to the global banned password list. This strengthens your overall security posture by preventing users from choosing easily guessable passwords.
  • Password protection for Windows Server Active Directory: Mitigating weak passwords within your on-premises Active Directory environment is crucial for security. Consider enabling it for better security. Also, you can set the Protection mode based on your requirement.

Initially, consider setting the mode to "Audit". This allows you to monitor password filtering behavior and identify potential issues before enforcing password complexity requirements.

It's important for organizations to customize their Microsoft Entra password protection policies based on their specific security requirements and compliance standards.

AdminDroid lets admins regularly review and update password protection policies to address evolving security threats.

  • Make sure to review failed logins caused by account lockouts that have occurred after multiple attempts with an incorrect username or password.
  • In this report, you can also see the targeted user account and the machine IP, along with the time of the attempt.

How to turn off password complexity in Office 365?

Complex passwords make it much harder for hackers to guess them. This is especially important in setups where your on-premises Active Directory rules apply to Microsoft Entra ID users too.

However, sometimes users may struggle to remember complex passwords. In such rare cases, you might consider disabling the strong password requirement in Azure AD.

Additionally, since on-premises password policies take precedence over all Azure AD policies, you can choose to disable them in your Azure AD if necessary.

You can disable the strong password requirement for a user with the following commands.

Connect-MgGraph -Scopes "User.ReadWrite.All"
Update-MgUser -UserId <UserPrincipalName> -PasswordPolicies "DisableStrongPassword"
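
Update-MgUser writes the whole passwordPolicies value, so re-enabling strong passwords later should drop only the DisableStrongPassword flag and keep DisablePasswordExpiration where it is set. The following is an added example, not AdminDroid's code: Get-StrongPasswordPolicyValue is a hypothetical helper name and the input strings are constructed.

```powershell
# Added example; Get-StrongPasswordPolicyValue is a hypothetical helper name.
function Get-StrongPasswordPolicyValue {
    param([string]$PasswordPolicies)
    # Keep every flag except DisableStrongPassword (and the "None" placeholder).
    $keep = @($PasswordPolicies -split ',' |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -and $_ -notin 'None', 'DisableStrongPassword' })
    if ($keep.Count -gt 0) { $keep -join ', ' } else { 'None' }
}

# Constructed inputs showing the value that would be written back for each case.
'DisableStrongPassword',
'DisablePasswordExpiration, DisableStrongPassword',
'None' | ForEach-Object {
    [pscustomobject]@{ Current = $_; Restored = Get-StrongPasswordPolicyValue $_ }
}

# Against a tenant (write scope; -WhatIf previews the change without applying it):
# Connect-MgGraph -Scopes 'User.ReadWrite.All'
# $u = Get-MgUser -UserId '<UserPrincipalName>' -Property Id,PasswordPolicies
# Update-MgUser -UserId $u.Id -PasswordPolicies (Get-StrongPasswordPolicyValue $u.PasswordPolicies) -WhatIf
```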