The Azure AD Password Protection and Smart Lockout has recently been announced by Microsoft, this is a new Azure AD feature to help customers to reduce the amount of bad, commonly used passwords that are the most likely to be comprised.
If you’re not using cloud only identity, the feature can also be integreated with your on-premises Active Directory Domain Controllers directly.
https://cloudblogs.microsoft.com/enterprisemobility/2018/06/19/azure-ad-password-protection-and-smart-lockout-are-now-in-public-preview/
More technical detail about how this works for cloud identitiy can be found here: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad.
For on-premises Active Directory : https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad-on-premises
There is no reason not to enable this feature if you’re using cloud only identity (although it’s currently in preview), however placement of the agents for on-premises Active Directory will require some more thought.
