USE CASE 01 · AD_PROTECTION
Stop weak passwords before they're ever set.
An employee sets or resets a password and picks something weak, predictable, or based on your company name. PassVision rejects it at the moment of change, before it ever exists in your directory.
The problem
People pick what's easy to remember. Attackers count on it.
Every day, someone in your organization sets a new password. Left alone, they reach for the obvious: the company name plus a year, this season, a predictable pattern. A written policy can't stop that at the keyboard.
How PassVision solves it
Policy enforced at the moment of change, not after.
PassVision enforces NIST 800-63B-aligned policy the instant a password is set (rejecting anything leaked, reused, or containing personal data), plus a real-time forbidden-words list of company-specific terms, scoped by OU, group, or user.
A user sets or resets a password
A standard Windows password change, nothing new for the user to learn.
Every check runs instantly
The NIST 800-63B-aligned policy rejects anything leaked, reused, or containing personal data.
Company-specific terms are blocked
A real-time forbidden-words list catches names, brands, and seasons, scoped by OU, group, or user.
The user gets an instant verdict
A weak choice is rejected on the spot; a strong one goes through unchanged.
This is Active Directory Protection at work, running on your domain controllers.
The outcome
The weak password is never created, so the exposure never exists.
Prevention, not cleanup.
Stop the weak password before it exists.
See Active Directory Protection reject a weak password in real time, in your environment, on your terms.