Skip to content

USE CASE 01 · AD_PROTECTION

Stop weak passwords before they're ever set.

An employee sets or resets a password and picks something weak, predictable, or based on your company name. PassVision rejects it at the moment of change, before it ever exists in your directory.

Request a Demo See Active Directory Protection
WHO IT'S FOR·IT / ACTIVE DIRECTORY ADMINS·MODULE: ACTIVE DIRECTORY PROTECTION

The problem

People pick what's easy to remember. Attackers count on it.

Every day, someone in your organization sets a new password. Left alone, they reach for the obvious: the company name plus a year, this season, a predictable pattern. A written policy can't stop that at the keyboard.

WITHOUT PASSVISION
Policy lives in a document nobody reads.
Weak passwords slip through and become tomorrow's breach.

How PassVision solves it

Policy enforced at the moment of change, not after.

PassVision enforces NIST 800-63B-aligned policy the instant a password is set (rejecting anything leaked, reused, or containing personal data), plus a real-time forbidden-words list of company-specific terms, scoped by OU, group, or user.

01

A user sets or resets a password

A standard Windows password change, nothing new for the user to learn.

02

Every check runs instantly

The NIST 800-63B-aligned policy rejects anything leaked, reused, or containing personal data.

03

Company-specific terms are blocked

A real-time forbidden-words list catches names, brands, and seasons, scoped by OU, group, or user.

04

The user gets an instant verdict

A weak choice is rejected on the spot; a strong one goes through unchanged.

This is Active Directory Protection at work, running on your domain controllers.

AD_PROTECTION · PASSWORD_FILTERDC-01
SET_PASSWORDk.demirBlocked
REASONCONTAINS COMPANY NAME
SET_PASSWORDa.reyesBlocked
REASONFOUND IN LEAK DATASET
SET_PASSWORDj.kellerAccepted
SCOPE CORP\financePOLICY NIST_800-63B

The outcome

The weak password is never created, so the exposure never exists.

Prevention, not cleanup.

Leaked, reused, and personal-data passwords are rejected before they exist in your directory.
Company-specific terms (names, brands, seasons) never make it into a password.
Policy is enforced at every change, automatically, not left in a document.

Stop the weak password before it exists.

See Active Directory Protection reject a weak password in real time, in your environment, on your terms.

Request a Demo Get a Free Assessment