Our weak credential scanning will continuously check your Microsoft 365 accounts to find weak passwords. When a weak password is identified, the impact will be assessed, and our team will notify you about the affected accounts.

When you sign up to the weak credential scanning service, our team will perform a discovery exercise to identify as many Microsoft 365 users as possible. These accounts will then be continuously scanned to check for both commonly used weak passwords, and weak passwords targeted specifically at your organisation.

The login attempts are run over long periods of time, letting the service operate well below limits which are likely to cause lockouts. By taking this approach, a large number of passwords can be checked against each account over time with a minimal risk of lockouts.