Enterprise Mobility and Security Blog


Hello Everyone!

You deal with phishing attacks and malware every day, and the news is littered with articles on systems that have been breached and have leaked username/password pairs. In aggregate, tens of millions of credentials are exposed every month. Bad actors collect, sell, and share large lists of user account credentials from these breaches. Because 3 out of 4 users re-use credentials across multiple sites, there’s a good chance that your users’ credentials are in those lists.

As part of running our consumer and enterprise identity systems, Microsoft discovers account credentials posted publicly. We are making this information available to you so you can protect your enterprise when your users’ account credentials are at risk.

Today we’re pleased to announce that this report is in preview for Azure AD Premium customers in the Azure management portal. The report surfaces any matches between these leaked credential lists and your tenant. You can go to the Azure management portal, select your Active Directory instance and look under your tenant’s reports for “Users with leaked credentials.”

The report shows you the users we’ve found and when we discovered the leaked credentials. To mitigate the security risk, we recommend that you enable Multi-Factor Authentication or reset the password for the accounts listed.

Multi-Factor Authentication can help mitigate the impact of leaked passwords by adding a layer of security to passwords. Multi-Factor Authentication not only provides additional security but also prepares you for recovery. To get started with Multi-Factor Authentication, check out this walkthrough video. If you’re familiar with Multi-Factor Authentication, go here to enable your users for it.

Along with Multi-Factor Authentication, user education can help reduce the likelihood of credential leaks. Make sure your users have read and are following your corporate IT policies.

Lastly, enforced password expiration can reduce the amount of time a leaked credential remains viable. You can configure the password expiry duration using the Set-MsolPasswordPolicy cmdlet from the Azure Active Directory Module for Windows PowerShell.
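
One way to apply the expiry setting described above across a tenant, as an added example that is not part of the original post. It assumes the MSOnline module is installed and an administrator signs in; the 90-day and 14-day values are illustrative, not recommendations from the post.

```powershell
# Added example: audits and tightens password expiry per domain, then lists
# accounts that are exempt from expiry and so would not be covered by it.
Import-Module MSOnline
Connect-MsolService   # prompts for tenant administrator credentials

$maxValidityDays  = 90   # assumed target; substitute your own policy value
$notificationDays = 14   # assumed target; days of warning before expiry

# Password policy is set per domain and applies only to managed
# (non-federated) domains that have been verified.
$domains = Get-MsolDomain | Where-Object {
    $_.Status -eq 'Verified' -and $_.Authentication -eq 'Managed'
}

foreach ($domain in $domains) {
    $policy = Get-MsolPasswordPolicy -DomainName $domain.Name
    Write-Output ("{0}: ValidityPeriod={1} NotificationDays={2}" -f `
        $domain.Name, $policy.ValidityPeriod, $policy.NotificationDays)

    # Change the policy only when expiry is unset or longer than the target.
    if (-not $policy.ValidityPeriod -or $policy.ValidityPeriod -gt $maxValidityDays) {
        Set-MsolPasswordPolicy -DomainName $domain.Name `
            -ValidityPeriod $maxValidityDays -NotificationDays $notificationDays
    }
}

# Accounts flagged PasswordNeverExpires ignore the domain policy, so a leaked
# password for one of them stays valid until someone resets it. List them,
# oldest password first, for review.
Get-MsolUser -All |
    Where-Object { $_.PasswordNeverExpires -eq $true } |
    Sort-Object LastPasswordChangeTimestamp |
    Select-Object UserPrincipalName, LastPasswordChangeTimestamp
```

Service accounts often appear in the final list; review each one before clearing the flag with Set-MsolUser -PasswordNeverExpires $false.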

If you have questions or feedback on the leaked credentials report or any Azure Active Directory feature, please let us know through the feedback link in the Azure portal or through the Azure feedback forum here.

Hope this is useful and helps keep you and your employees safer!

David Howell (Twitter: @David_A_Howell)

Partner Group Program Manager, Microsoft Identity and Security Services Division