Body
Microsoft 365 requires that all users using its identity services adhere to their complex password policy requirements.
The table below show their password requirements.
| Property |
Requirements |
| Characters allowed |
A – Z
a - z
0 – 9
@ # $ % ^ & * - _ ! + = [ ] { } | \ : ' , . ? / ` ~ " ( ) ; < >
Blank space |
| Characters not allowed |
Unicode characters |
| Password restrictions |
A minimum of 8 characters and a maximum of 256 characters.
Requires three out of four of the following types of characters:
- Lowercase characters
- Uppercase characters
- Numbers (0-9)
- Symbols (see the previous password restrictions) |
| Password change history |
The last password can't be used again when the user changes a password. |
| Password reset history |
The last password can be used again when the user resets a forgotten password. |
Source:
https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#azure-ad-password-policies