Predictable, easy-to-guess passwords are often the weak link that ends up breaking the security chain, and attackers know this.
“They know to account for character substitutions like ‘$’ for ‘s’. They also know that if there are complexity rules, most people will apply them in the same way: by starting a word with a capital letter and ending the password with a digit or punctuation. They know that requiring users to change their passwords periodically leads to other predictable patterns,” says Alex Simons, Director of Program Management at the Microsoft Identity Division.
So Microsoft is making sure that Azure AD and Windows Server Active Directory customers can prevent users from using such passwords.
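The patterns described above (character substitutions, a leading capital, a trailing digit or punctuation mark) can be undone before a candidate password is compared against a banned list. The following is an added example of such a check, not Microsoft's implementation; the banned words, the substitution table and the function names are constructed for illustration.

```python
import re

# Constructed sample list; a real deployment would load a far larger one.
BANNED_BASE_WORDS = {"password", "summer", "welcome", "contoso"}

# Assumed substitution table: look-alike characters mapped back to letters.
SUBSTITUTIONS = str.maketrans({
    "$": "s", "5": "s", "@": "a", "4": "a", "0": "o",
    "1": "l", "!": "i", "3": "e", "7": "t",
})

# A trailing run of digits, punctuation or underscores ("2019", "1!", "_").
TRAILING_SUFFIX = re.compile(r"[\W\d_]+$")


def normalized_candidates(password: str) -> set[str]:
    """Return the base words a password reduces to once predictable edits are undone."""
    lowered = password.lower()  # undoes the "capital first letter" habit
    stripped = TRAILING_SUFFIX.sub("", lowered)  # undoes the appended digit/punctuation
    # Keep both variants: in "welc0m3" the trailing digit is a substitution,
    # in "Summer2019" it is a suffix, and the check cannot know which in advance.
    return {lowered.translate(SUBSTITUTIONS), stripped.translate(SUBSTITUTIONS)}


def is_predictable(password: str) -> bool:
    """True if any normalized form of the password is a banned base word."""
    return not normalized_candidates(password).isdisjoint(BANNED_BASE_WORDS)


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["P@ssw0rd1!", "Summer2019", "welc0m3", "$ummer!",
                   "correct horse battery staple"]:
        verdict = "reject" if is_predictable(sample) else "accept"
        print(f"{sample!r}: {verdict}")
```
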