EIDSCA.PR03 - Default Settings - Password Rule Settings - Enforce custom list.
Overview
When enabled, the words in the list below are used in the banned password system to prevent easy-to-guess passwords.
Password protection in Microsoft Entra ID - Microsoft Entra ID - Microsoft Learn
Test script
https://graph.microsoft.com/beta/settings
.values -eq 'True'
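The same check written out in full, as an added example (not the Maester project's own code) that runs offline against a constructed response. The function name `Test-CustomBannedListEnforced` is hypothetical, and the setting names `EnableBannedPasswordCheck` and `BannedPasswordList` are assumed from the Password Rule Settings template rather than taken from this page.

```powershell
# Constructed sample of a GET https://graph.microsoft.com/beta/settings response
# (illustrative values, not real tenant data).
$sampleResponse = @'
{
  "value": [
    {
      "displayName": "Password Rule Settings",
      "values": [
        { "name": "EnableBannedPasswordCheck", "value": "True" },
        { "name": "BannedPasswordList", "value": "contoso\tfabrikam" }
      ]
    }
  ]
}
'@ | ConvertFrom-Json

function Test-CustomBannedListEnforced {
    param([Parameter(Mandatory)] $SettingsResponse)

    $setting = $SettingsResponse.value |
        Where-Object displayName -eq 'Password Rule Settings'
    if (-not $setting) {
        # No settings object was returned, so there is no 'True' value to compare
        # and the check fails rather than erroring out.
        return [pscustomobject]@{ Pass = $false; WordCount = 0
                                  Reason = 'No Password Rule Settings object returned' }
    }

    # Flatten the name/value pairs for lookup.
    $values = @{}
    foreach ($v in $setting.values) { $values[$v.name] = $v.value }

    # Setting values are strings: compare against 'True', not $true.
    $enforced = $values['EnableBannedPasswordCheck'] -eq 'True'

    # Assumption: the custom list is stored as one tab-separated string.
    $words = @("$($values['BannedPasswordList'])" -split "`t" | Where-Object { $_.Trim() })

    [pscustomobject]@{ Pass = $enforced; WordCount = $words.Count
                       Reason = "EnableBannedPasswordCheck = '$($values['EnableBannedPasswordCheck'])'" }
}

Test-CustomBannedListEnforced $sampleResponse
Test-CustomBannedListEnforced ('{ "value": [] }' | ConvertFrom-Json)
```

`Pass` mirrors the comparison shown on this page; `WordCount` is an extra signal, since an enforced but empty list blocks nothing. Against a tenant, pass in the output of `Invoke-MgGraphRequest -Uri 'https://graph.microsoft.com/beta/settings' -OutputType PSObject`.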
Related links
- Open in Graph Explorer
- directorySetting resource type - Microsoft Graph beta | Microsoft Learn
- View in Microsoft Entra admin center
MITRE ATT&CK
| Tactic | Technique | Mitigation |
|---|---|---|
| TA0006 - Credential Access | T1110 - Brute Force | M1018 - User Account Management, M1027 - Password Policies |
Test Metadata
| Field | Value |
|---|---|
| Test ID | EIDSCA.PR03 |
| Severity | Medium |
| Suite | Entra ID SCA |
| Category | General |
| PowerShell test | Test-MtEidscaPR03 |
| Tags | EIDSCA, EIDSCA.PR03 |
Source
- Pester test: tests/EIDSCA/Test-EIDSCA.Generated.Tests.ps1
- PowerShell source: powershell/internal/eidsca/Test-MtEidscaPR03.ps1