26Jun2020
03Jul2019
Should I set my password policy to never expire?
I had some people contact me about this after my Azure AD best practices guide for the SMB dropped. Microsoft has been saying to get rid of password expiration. They even award you more Secure Score points if you follow their advice and trash it. In fact, I personally have...
21Jan2019
Password write-back is now supported on Microsoft 365 Business Premium! (And how to setup SSPR for hybrid accounts)
Well, well. Isn't this a pleasant surprise? Microsoft recently granted another one of my wishes, which I have previously blogged about, here. (1) Self-service password reset (SSPR) is now supported for hybrid synced accounts on the Microsoft 365 Business Premium subscription. The welcome announcement made on Microsoft's tech community blog did...
26Nov2018
Coming soon to an Azure AD/Microsoft 365 subscription near you: Life without passwords?!
I previously commented when Microsoft released new password guidance, which is backed by their own research as well as that of NIST. A quick recap of that: Require passwords have at least 8 characters. Longer isn't necessarily better, as they cause users to choose predictable passwords, save passwords in files,...
07Dec2017
Password best practices controversy
Last year, Microsoft published this guidance on passwords, which contains some advice that departs from traditional best practices. For example: Eliminate character composition requirements (e.g. multiple character types @, 2, A, b) Eliminate mandatory periodic resets (do not enforce expiry) The reasoning is based on Microsoft's research, and the fact that...
04May2017