Medium

Weak password protection

Verifies if banned password list is enabled

Category: Password Policy
Default severity: Medium
Rule key: CHECK_WEAK_PASSWORD_PROTECTION
Last updated: February 5, 2026

How to fix it

Enable custom banned password list and enforce on password reset.

Further reading

Microsoft documentation →

Run this check on your tenant

EntraAnalyzer evaluates this rule automatically on every scan and emails you the results.

Get started — free first scan →