Get Microsoft 365 Users with Weak Passwords

Native Solution

Microsoft 365 Permission Required

High

Global Admin, Security Admin, Password Admin, Global Reader or Security Reader

Option 1 Using Microsoft Entra Admin Center

Sign in to the Microsoft Entra admin center.
Go to the 'All users' tab under Identity»Users.
Select the desired user and click on the 'Properties' tab.
Here, you can see whether the desired users have weak password allowed or not by checking the 'DisableStrongPassword' in Password policies. The presence of 'DisableStrongPassword' here indicates that the user has a weak password.

Option 2 Using Windows PowerShell

Use the following commands to identify users allowed with weak passwords.
Windows PowerShell
```
 Connect-MsolService
```

Windows PowerShell

 Get-MsolUser | Where-Object { $_.StrongPasswordRequired -eq $false }

AdminDroid Solution

More than 150 reports are under free edition.FREE

AdminDroid Permission Required

Delegated

Any user with report access delegated by the Super Admin.

StepsUsing AdminDroid

Login to the AdminDroid Office 365 reporter.
Navigate to the Users with Weak Password Allowed report under Reports»Security»Password Reports.

You can review Microsoft 365 users with weak passwords, including their sign-in status, usage location, department, and more.

Seamlessly gain insights into users with weak passwords and their sign-in status through AdminDroid's AI-powered charts.

Explore a full range of reporting options

Get the list of users with weak passwords on Microsoft 365 in a single view!

Elevate your Microsoft 365 password monitoring to new heights by taking an in-depth dive into AdminDroid's Azure AD password reports

Witness the report in action using the

Live Demo

Important Tips

Configure Microsoft 365 smart lockouts to block suspicious logins and protect your organization from password spray attacks.

Create strong password policies in Azure AD to prevent users from choosing weak or easily guessable passwords, thereby reducing the risk of accounts compromises.

Consider implementing multi-factor authentication in Microsoft 365 to add an extra layer of security to user accounts. This extra step enhances security, even if passwords are compromised.

Azure ADIdentify Microsoft 365 Users with Weak Password Allowed to Strengthen Password Security

Showing 1 of 5

What are the Microsoft 365 password complexity requirements? Why is it important to use a strong password policy in Microsoft 365? What is the password strength policy for Microsoft 365? What is password protection in Azure AD? How to turn off password complexity in Office 365?

What are the Microsoft 365 password complexity requirements?

By default, Entra ID enforces password complexity to enhance security. Users must include a combination of character types in their passwords based on the Office 365 password complexity settings. Below are the character restrictions allowed in Microsoft 365.

Character Restrictions:

Uppercase letters (A-Z)
Lowercase letters (a-z)
Numbers (0-9)
Symbols (e.g., !@#$%^&*)

Password Length

Ensure passwords are between 8 and 256 characters long. (Recent update: maximum length extended from 16 to 256 characters)

Password reset history

Users can reuse their last password when resetting a forgotten password.

Password Complexity Requirements

Ensure passwords contain at least three of the following: lowercase characters, uppercase characters, numbers (0-9), and symbols.

Password Expiry Duration

Microsoft 365 default password policy for the password expiry has been set to 90 days (about 3 months) which is a global setting applicable to entire organization.

Password Expiry Notification

Default notification will be sent 14 days before password expiry. The specific combination of character types and minimum password complexity requirements for Office 365 depend on how detailed your organization's policy settings are configured.

Why is it important to use a strong password policy in Microsoft 365?

Using a strong password policy in Microsoft 365 is crucial in avoiding risky sign-ins and protecting sensitive data. It strengthens overall security, mitigating the risk of cyber threats and data breaches.

However, disabling password complexity requirements in Microsoft 365 can have significant security implications:

Increased Vulnerability to Password Guessing: Without complex requirements, users may choose simple and easily guessable passwords, increasing susceptibility to password spray attacks. This makes it easier for attackers to compromise accounts and gain illicit access through automated login attempts.
Higher Risk of Credential Theft: Weak passwords are more susceptible to credential theft techniques such as phishing, where attackers trick users into disclosing their login credentials. Once obtained, these credentials can be used to compromise confidential data and resources.
Compromised User Accounts: Accounts with weak passwords are easier targets for attackers, putting sensitive information, documents, and internal systems at risk. This vulnerability increases the chances of unauthorized access, leading to potential data breaches, financial losses, and harm to the organization's reputation.

Overall, disabling password complexity in Microsoft 365 weakens security and raises the risk of cyberattacks and data breaches. Thus, maintaining strong password policies is crucial to protect organizational assets.

What is the password strength policy for Microsoft 365?

Strong password in Microsoft 365 is crucial to protect sensitive data and prevent security breaches. Keeping your Microsoft 365 password requirements up to date further strengthens your user accounts against brute force attacks.

Understanding how to create robust passwords within M365 is key to maintain a secure environment. While the password strength policy may vary based on organizational settings, certain elements remain consistent.

Minimum Length: Specifies the minimum number of characters required for a password. This is often set to a value of 8 or higher by default.
Password Expiration: Specifies how often users must change their passwords. This can range from a few days to several months.

Set Password Expiration Setting in Microsoft 365 Admin Center

Login to Microsoft 365 admin center.
Navigate to Settings»Org settings.
Click Security & privacy»Password expiration policy.
Here, you can select the number of days under 'Days before passwords expire' to notify users regarding the password expiration.

What is password protection in Azure AD?

Microsoft Entra ID offers specialized password protection settings that can be customized to suit your organization's specific needs and preferences.

Navigate to Protection»Authentication methods.
Under this category, select the password protection.

Smart Account Lockout Threshold: Limits the number of failed login attempts before an account is temporarily locked out for security purposes.
Lockout duration in seconds: The default Microsoft 365 Password Policy for lockout duration is 60 seconds (1 minute).
Configure Custom Banned Passwords: Azure AD Password Protection allows you to create a list of custom banned passwords beyond the global banned password list to block custom passwords. This empowers you with overall security posture by preventing users from choosing easily guessable passwords.
Password protection for Windows Server Active Directory: Mitigating weak passwords within your on-premises Active Directory environment is crucial for security. Consider enabling it for better security. Also, you can set the Protection mode based on your requirement.

Initially, consider setting the mode to "Audit". This allows you to monitor password filtering behavior and identify potential issues before enforcing password complexity requirements.

It's important for organizations to customize their Microsoft Entra password protection policies based on their specific security requirements and compliance standards.

AdminDroid lets admins regularly review and update password protection policies to address evolving security threats.

Make sure to verify your failed logins due to account lockouts that has occurred due to multiple attempts using incorrect username and password entries.
In this report, you can also get to know the attempted user account, machine IP with the attempted time.

How to turn off password complexity in Office 365?

Complex passwords make it much harder for hackers to guess them. This is especially important in setups where your on-premises Active Directory rules apply to Microsoft Entra ID users too.

However, sometimes users may struggle to remember complex passwords. In such rare cases, you might consider disabling the strong password requirement in Azure AD.

Additionally, since on-premises password policies take precedence over all Azure AD policies, you can choose to disable them in your Azure AD if necessary.

You can disable the strong password requirements for all users with the following command.

Connect-MgGraph -Scopes "User.Read.All"

Update-MgUser -UserId <UserPrincipalName> -PasswordPolicies "DisableStrongPassword"

AdminDroid Microsoft 365 Password ReportingAccurately monitor users with weak passwords for improved protection!

AdminDroid's Azure AD reporting tool offers comprehensive insights into user activities, MFA, passwords, licenses, and more. With detailed reports, admins can efficiently monitor and control user-related information in the Microsoft Entra ID portal to enhance security and compliance.

Discover a Streamlined Approach to Identify Users with Weak Password Using AdminDroid!

The Users with Weak Passwords report offers a detailed overview of Microsoft 365 users with weak passwords. This report provides essential information, including the weak password status, sign-in status, usage location, job title, etc.

A Quick Summary

Hub for Streamlined M365 Passwords Reporting

Simplify password management with our Microsoft 365 password dashboard, offering insights on password policy status, password expiry, password never changed, and more.

Enhance Security with AdminDroid's SSPR Monitoring

AdminDroid enables real-time monitoring of user (SSPR) self-service password resets to ensure swift and secure password changes.

Enhanced Visualization of Expired Password Metrics

With AdminDroid's advanced graphs and charts, visualize the daily password expired summary in your Microsoft 365 organization.

Automated MFA Reports for Weak Password Users

With scheduling capability, you can automatically get the MFA non-activated users in your inbox. This helps you to enable the MFA for users with weak passwords.

Real-Time Monitoring of User Password Changes with AdminDroid

With AdminDroid, monitor M365 user password changes in real-time and assess their strength instantly if required.

Alert on Risky Sign-ins Activity to prevent password spray attacks

Set up alerts for risky sign-ins in your tenant to find out the suspicious logins caused by the password spray attacks.

AdminDroid offers detailed reports for managing Office 365 password metrics and enforcing robust password policies. Gain real-time insights into account lockouts, login failures, and self-service password resets to detect and address potential threats promptly. Maintain continuous visibility into password-related activities will enhance your security and compliance.

Kickstart Your Journey with AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities!

Download

Common Errors and Resolution Steps in managing Microsoft 365 weak passwords

The following are the possible errors and troubleshooting hints while dealing with Microsoft 365 weak passwords.

Error: You can’t reset your own password because the password reset isn’t properly set up for your organization.

This error occurs when users try to reset their password, when the self-service password reset is disabled in your organization.

Troubleshooting hint :You must contact your administrator to reset your password and to check your organization’s setup.

Error: The value must be between 5 and 18000 (Occurring while setting out the lockout duration in Entra ID).

The lockout duration in Azure AD password protection can be set between 5 seconds and 18000 seconds (5 hours).

Troubleshooting hint :Adjust the value to a higher number within the valid range (e.g., 30 seconds, 60 seconds).

Error: Update-MgUser : Insufficient privileges to complete the operation.

This error occurs when the user connects Graph PowerShell module without required permissions.

Troubleshooting hint :Connect the Microsoft Graph module with global admin or security admin privileges.

Connect-MgGraph -Scopes "User.ReadWrite.All","Group.ReadWrite.All"

Error: Set-MsolUser : Access Denied. You do not have permissions to call this cmdlet.

The error indicates that the user running the PowerShell command does not have the necessary permissions to execute the operation.

Troubleshooting hint :Ensure that the user account executing the PowerShell script has the appropriate permissions assigned in Microsoft 365. This typically requires administrative privileges or specific roles assigned within the Microsoft 365 admin center.

Error: Update-MgUser: The specified user ID is invalid or does not exist.

This error occurs when the user ID provided to the Update-MgUser cmdlet is incorrect or doesn't correspond to an existing user in the Microsoft 365 environment.

Troubleshooting hint :Double-check the user ID you're using in the command and ensure that it matches the ID of an existing user. You can verify the user ID by using commands like Get-MgUser or by checking the user's details in the Microsoft 365 admin center.

Delivering Reports on Time

Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid’s Scheduling to your email anytime you need.

Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add intelligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.

Set It, Schedule It, See Results - Your Reports, Your Way, On Your Time!

Time Saving Automation Customization Intelligent Filtering

Give Just the Right Access to the Right People

Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.

Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.

Align, Define, Simplify: AdminDroid's Granular Delegation

Smart Organizational Control Effortless M365 Management Simplified Access

Advanced Alerts at a Glance

Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.

Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.

AdminDroid Keeps You Always Vigilant, Never Vulnerable!

Proactive Protection Real-time Monitoring Security Intelligence Threat Detection

Merge the Required Data to One Place

Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.

This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.

Merge with Ease and Save as Views!

Custom Reporting Unique View Desired Columns Easy Data Interpretation

Insightful Charts and Exclusive Dashboards

Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.

With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.

Explore Your Microsoft 365 Tenant in a Whole New Way!

Executive overviews Interactive insights Decision-making Data Visualization

Efficient Report Exporting for Microsoft 365

Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.

Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.

Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!

Easy Export Seamless Downloading Data Control Manage Microsoft 365

How to Get Weak Password Users Report in Azure AD