Compromised credentials remain one of the most common ways attackers gain initial access, even in environments that use multifactor authentication and modern authentication protocols. Password risks are often spread between different tools and identity providers, which can make it difficult for security teams to assess exposure and prioritize remediation.
The Password protection page in Microsoft Defender consolidates password-related risks from your identity sources into a single, prioritized view. Use it to find leaked credentials, exposed passwords, weak password policies, and configuration issues in on-premises Active Directory, Microsoft Entra ID, federated identities, and non-Microsoft providers like Okta. For each issue, you can see why an account is at risk and take action—such as resetting a password or disabling an account—directly from the page.
Prerequisites
To access the Password protection page, you need:
- A Microsoft Defender for Identity license, or another license that includes Defender for Identity (such as E5), and a Microsoft Entra ID Protection license.
- A user role with at least Security Reader permissions.
The Password protection page
In the Microsoft Defender portal, select Identities > Password protection.
The page includes a left panel where you select the identity source you want to review. Supported identity sources include:
- Active Directory: Available on all four tabs.
- Microsoft Entra ID: Available on the Leaked Credentials tab.
- Okta: Available on the Password Hygiene and Password Policies tabs.
The page has four tabs:
- Password Hygiene: Shows accounts with password weaknesses that attackers commonly exploit. Each item is a recommendation you can act on to reduce risk.
- Password Policies: Shows password policies from your identity providers side by side. Use this tab to check whether your policies meet current security standards. See Policy information for details.
- Leaked Credentials: Shows accounts with credentials that were found outside your organization, for example on public paste sites or the dark web. From this tab, you can reset passwords or disable accounts, individually or in bulk.
- Exposed Passwords: Shows accounts and settings that store or expose passwords in insecure ways, such as in plain text or in easily discoverable locations. Examples include clear-text credentials in Active Directory attributes (identified using AI-based detection) and reversible passwords in Group Policy Objects (GPOs).
Policy information
The Password Policies tab shows:
| Column | Description |
|---|---|
| Name | The name of the password policy. |
| Provider | The identity provider that enforces the policy. |
| Maximum password age | The maximum number of days before a password must be changed. |
| Minimum password age | The minimum number of days before a password can be changed. |
| Password history length | The number of previous passwords that can't be reused. |
| Password complexity | Whether password complexity requirements are enabled. |
| Lockout threshold | The number of failed sign-in attempts before the account is locked. |
| Lockout duration | The duration of the account lockout after the threshold is reached. |
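To cross-check the Active Directory rows on this tab against the directory itself, the following added example (not part of the original page or of the Defender product) reads the default domain policy and any fine-grained password policies with the ActiveDirectory PowerShell module and prints them under the same column names. It assumes the RSAT ActiveDirectory module and read access to the domain; the function name `ConvertTo-PolicyRow` and the label used for the default policy are chosen here.

```powershell
# Added example: lists AD password policies using the column names of the
# Password Policies tab. It reads Active Directory only, not Defender.
Import-Module ActiveDirectory

function ConvertTo-PolicyRow {
    param(
        [Parameter(Mandatory)] $Policy,
        [Parameter(Mandatory)] [string] $Name
    )
    [pscustomobject]@{
        'Name'                    = $Name
        'Provider'                = 'Active Directory'
        # 0 days means passwords never expire.
        'Maximum password age'    = $Policy.MaxPasswordAge.Days
        'Minimum password age'    = $Policy.MinPasswordAge.Days
        'Password history length' = $Policy.PasswordHistoryCount
        'Password complexity'     = $Policy.ComplexityEnabled
        # 0 means accounts are never locked out.
        'Lockout threshold'       = $Policy.LockoutThreshold
        'Lockout duration'        = $Policy.LockoutDuration
        # Extra field, not a column on the tab: reversible password storage.
        'Reversible encryption'   = $Policy.ReversibleEncryptionEnabled
    }
}

$rows = @()

# Domain-wide policy. The display label is an assumption of this example.
$rows += ConvertTo-PolicyRow -Policy (Get-ADDefaultDomainPasswordPolicy) `
                             -Name 'Default domain policy'

# Fine-grained password policies override the default for the users and
# groups they apply to, so list them alongside it.
foreach ($fgpp in Get-ADFineGrainedPasswordPolicy -Filter *) {
    $rows += ConvertTo-PolicyRow -Policy $fgpp -Name $fgpp.Name
}

$rows | Format-Table -AutoSize
```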
Account information
The Password Hygiene, Leaked Credentials, and Exposed Passwords tabs show account-level data with this information:
| Column | Description |
|---|---|
| Name | The display name of the account. |
| SID | The Security Identifier of the account. |
| Entity type | The type of entity (for example, User or Computer). |
| Domain | The Active Directory domain the account belongs to. |
| Service account type | The type of service account, if applicable. |