For ThreatLocker webinar series 100 days to secure your environment: Week 1
NOTE: Some Group Policy settings appear in Group Policy Management Editor only after the necessary ADMX templates are installed. You can download them here.
Password policies should be enforced at the domain level but can also be enforced through ThreatLocker Configuration Manager. Whether you’re using Entra ID, Group Policy, or Configuration Manager, this is one of the first steps to take to secure your environment.
See the steps outlined below to configure these password policies depending on your preference of enforcement:
Group Policy (Windows Server Active Directory)
Steps for configuring password policy via Group Policy:
- Configure password policies:
a. In the Group Policy Management Editor, expand the Computer Configuration node.
b. Navigate to Policies > Windows Settings > Security Settings > Account Policies > Password Policy.
- Set password length:
a. Minimum password length:
i. Double-click Minimum password length.
ii. Set the value for the minimum number of characters. For example, to require at least 8 characters, enter 8.
iii. Click OK.
b. Maximum password length:
i. Windows Server doesn't have a specific policy for maximum password length by default. However, you can limit this indirectly by using Password Complexity policies or enforcing other restrictions through custom tools or scripts.
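
To confirm the Group Policy settings above actually reached a machine, the applied security policy can be exported with secedit and checked against a baseline. The PowerShell below is an added example, not part of the original page or of ThreatLocker's tooling; the function names are hypothetical, the sample export is constructed, and the baseline (the page's example of 8 characters, plus complexity enabled) is an assumption.

```powershell
# Added example: parse the [System Access] section of a secedit export
# and report settings that fall short of an assumed baseline.
function Get-SystemAccessSetting {
    param([string[]]$InfLines)
    $settings = @{}
    $inSection = $false
    foreach ($line in $InfLines) {
        $t = $line.Trim()
        if ($t -match '^\[(.+)\]$') {            # section header, e.g. [System Access]
            $inSection = ($Matches[1] -eq 'System Access')
            continue
        }
        if ($inSection -and $t -match '^(\w+)\s*=\s*(.+)$') {
            $settings[$Matches[1]] = $Matches[2].Trim()
        }
    }
    $settings
}

function Test-PasswordPolicy {
    # RequiredMinLength defaults to the page's example value (assumed baseline).
    param([string[]]$InfLines, [int]$RequiredMinLength = 8)
    $s = Get-SystemAccessSetting -InfLines $InfLines
    $findings = @()
    if (-not $s.ContainsKey('MinimumPasswordLength')) {
        $findings += 'MinimumPasswordLength is not defined'
    } elseif ([int]$s['MinimumPasswordLength'] -lt $RequiredMinLength) {
        $findings += "MinimumPasswordLength is $($s['MinimumPasswordLength']), expected >= $RequiredMinLength"
    }
    if ($s['PasswordComplexity'] -ne '1') {      # 1 = complexity requirements enabled
        $findings += 'PasswordComplexity is not enabled'
    }
    $findings                                    # empty when the baseline is met
}

# Constructed sample export (not taken from a real host).
$sample = @'
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 7
PasswordComplexity = 0
[Event Audit]
AuditSystemEvents = 0
'@ -split '\r?\n'

Test-PasswordPolicy -InfLines $sample | ForEach-Object { "FAIL: $_" }
# On a real machine (elevated prompt), export the applied policy first:
#   secedit /export /cfg "$env:TEMP\secpol.inf" /areas SECURITYPOLICY
#   Test-PasswordPolicy -InfLines (Get-Content "$env:TEMP\secpol.inf")
```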

Entra ID (Azure AD)
Steps for configuring password policies in Entra ID (Azure AD):
- Sign in to Entra ID.
- Password Protection Settings:
a. Under the Protection section, click on Authentication Methods.
b. On the Authentication Methods page, click on Password Protection.
- Configure password policies:
a. Here, you can configure various password policies like:
i. Minimum password length: You can set the minimum number of characters required for passwords (e.g., 8 characters).
ii. Password complexity: Azure AD includes built-in complexity requirements to make passwords stronger (e.g., requiring both lowercase and uppercase letters, numbers, and special characters).

NOTE: Azure AD also includes a lockout feature to handle failed login attempts and a password expiration policy, although the latter is typically applied via Conditional Access or other means.
You can also use Conditional Access Policies and Identity Protection in Azure AD to enforce more advanced security practices, such as multi-factor authentication (MFA) and custom password reset policies.
ThreatLocker (Configuration Manager)
Steps for configuring password policies in ThreatLocker (Configuration Manager):
- Sign in to ThreatLocker and navigate to the Configuration Manager module.
- Password protection settings:
a. Under the New Policy section, click the drop-down menu.
b. In the drop-down list, look for Local User Account Management.
c. Here, you can configure various password policies like:
i. Minimum password length: You can set the minimum number of characters required for passwords (e.g., 8 characters).
ii. Other policies include password complexity requirements, password protected screen saver, and minimum/maximum password age.

Implementing strong password policies is one of the first steps to securing your environment. These policies can be enforced through ThreatLocker Configuration Manager, Group Policy, or Entra ID, providing flexibility across different management approaches.