Tetap teratur dengan koleksi
Simpan dan kategorikan konten berdasarkan preferensi Anda.
Halaman ini menjelaskan konsep kebijakan sandi terperinci (FGPP) dan
praktik terbaik terkait untuk Layanan Terkelola untuk Microsoft Active Directory.
Ringkasan
Anda dapat menggunakan
FGPP
untuk menentukan dan menerapkan setelan sandi yang kuat pada pengguna atau grup Active Directory
tertentu. Perhatikan bahwa kebijakan sandi berbeda dengan kebijakan sandi domain
default yang dikonfigurasi oleh kebijakan grup dan ditautkan ke root
domain.
FGPP ditetapkan di Objek Setelan Sandi (PSO). Setiap PSO memiliki nilai precedence
yang menunjukkan prioritasnya. Makin rendah nilai ini, makin tinggi prioritas
PSO tersebut. Microsoft AD Terkelola membuat sepuluh PSO dengan setelan default. Anda
tidak dapat mengubah nama atau prioritas PSO ini, tetapi Anda dapat mengubah
setelannya. Untuk informasi selengkapnya tentang PSO yang telah dibuat sebelumnya, lihat Objek
Setelan Sandi.
Setelan kebijakan
Setiap PSO dapat berisi setelan kebijakan berikut:
[[["Mudah dipahami","easyToUnderstand","thumb-up"],["Memecahkan masalah saya","solvedMyProblem","thumb-up"],["Lainnya","otherUp","thumb-up"]],[["Sulit dipahami","hardToUnderstand","thumb-down"],["Informasi atau kode contoh salah","incorrectInformationOrSampleCode","thumb-down"],["Informasi/contoh yang saya butuhkan tidak ada","missingTheInformationSamplesINeed","thumb-down"],["Masalah terjemahan","translationIssue","thumb-down"],["Lainnya","otherDown","thumb-down"]],["Terakhir diperbarui pada 2025-08-11 UTC."],[],[],null,["# About fine-grained password policies\n\nThis page explains the fine-grained password policies (FGPP) concepts and\nrelated best practices for Managed Service for Microsoft Active Directory.\n\nOverview\n--------\n\nYou can use\n[FGPP](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc770394(v=ws.10))\nto define and enforce strong password settings on a specific Active Directory\nuser or group. Note that password policies are different from the default domain\npassword policy which is configured by a group policy and linked to the root of\nthe domain.\n\nFGPP is set in Password Settings Objects (PSO). Each PSO has a precedence\nvalue that indicates its priority. The lower this value, the higher the priority\nof that PSO. Managed Microsoft AD creates ten PSOs with default settings. You\ncannot change the names or precedences of these PSOs, but you can change the\nsettings. For more information about the pre-created PSOs, see [Password\nSettings Objects](/managed-microsoft-ad/docs/objects#password_settings_objects).\n\n### Policy settings\n\nEach PSO can contain the following policy settings:\n\n- [Complexity enabled](https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements)\n\n- [Lockout duration](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/hh994569(v=ws.10))\n\n- [Lockout observation window](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/hh994568(v=ws.10))\n\n- [Lockout threshold](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/hh994574(v=ws.10))\n\n- [Maximum password age](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/hh994573(v=ws.10))\n\n- [Minimum password length](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/hh994560(v=ws.10))\n\n- [Password history count](https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/enforce-password-history)\n\n- [Reversible encryption enabled](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/hh994559(v=ws.10))\n\nWhat's next\n-----------\n\n- [Configure fine-grained password policies](/managed-microsoft-ad/docs/how-to-use-fgpp)"]]
