Password spraying is one of the most reliable techniques in offensive security...until it isn't. As more enterprises migrate identity to Microsoft Entra ID, a quietly enforced control called the Global Banned Password List (BPL) is degrading the effectiveness of traditional spraying approaches. Most security teams don't know how it works. Attackers are already figuring it out.
This matters to CISOs and security leaders validating their identity attack surface, red teamers and penetration testers who need realistic, environment-aware techniques, and IT and security operations teams responsible for enforcing strong authentication in Entra ID environments. If your organization runs Microsoft 365, Azure AD, or Entra ID (and most do), this is directly relevant to how your credentials are evaluated and how an adversary would attack them.
Password spraying has long been a staple technique in penetration testing and red teaming. However, its effectiveness has significantly declined as targets begin moving to Microsoft Entra ID as an identity provider. Microsoft’s Global Banned Password List (BPL) is a major factor behind this shift: a little-known security measure designed to prevent users from selecting weak or easily guessable passwords. While this is a genuine improvement for organizations on Entra ID, attackers will adapt. The goal is to understand that adaptation before they do.
This led us to ask: How does Microsoft’s BPL work, and can we adapt our approach before the attackers do?
To find answers, we examined Microsoft's official documentation on Password Protection in Microsoft Entra ID. While Microsoft keeps the BPL confidential to prevent attackers from creating passwords that evade detection, the cybersecurity team at Synacktiv managed to extract and publish the list, making it publicly available on their GitHub repository.
Here's how Microsoft enforces these restrictions, and what it means for both offensive testing and defensive hardening.
"The global banned password list is automatically applied to all users in a Microsoft Entra tenant. There's nothing to enable or configure, and it can't be disabled. This global banned password list is applied to users when they change or reset their own password through Microsoft Entra ID."
When a user creates or changes a password, Microsoft Entra ID evaluates it through a multi-step process:
Let’s analyze the password P@$$w0rd2025:
Now, let’s slightly modify it to P@$$w0rd2025b@d:
The scoring logic creates a structural loophole: appending a small number of non-banned characters can make an otherwise rejected password valid. For defenders, this means user-selected passwords that appear complex may still be weak under real-world attack conditions. For penetration testers, it means spray lists built without BPL awareness will miss viable candidates and produce false assurance.
This is exactly the kind of identity control gap that surfaces during an internal penetration test or assumed breach engagement, where realistic credential attacks against Active Directory and Entra ID environments reveal what your security stack will and won't catch.
Understanding the evaluation process allowed us to build spray candidate lists more accurately. To automate this, we built a Python tool called bpl.py that evaluates whether a password will be accepted or rejected by Microsoft Entra ID before it's ever used in testing.
By screening candidates through bpl.py first, engagements become more precise: fewer failed attempts, more signal, less noise. This reflects how mature red team operations work: environment-aware, deliberate, and built to surface real risk rather than generate volume.
While developing bpl.py, we needed a large, realistic dataset of candidate passwords to test against. Manual generation wasn't scalable, so we trained a custom GPT model to automate the process.
We analyzed years of data from our password-cracking infrastructure to identify:
These patterns informed the BPL AI-Powered Password Generation GPT model, which generates realistic, environment-relevant password candidates for use in authorized testing.
BPL GPT prompts users with the following configuration options:
Generated candidates are then evaluated through bpl.py to confirm they meet the minimum score threshold before use.
The BPL is a real control, but it's not a sufficient one on its own. Users can still create weak-but-compliant passwords. Spraying attacks against Entra ID environments are evolving to account for exactly this gap.
Organizations in healthcare, financial services, higher education, and manufacturing (i.e., industries that handle sensitive data and face regulatory pressure around access controls) are frequent targets of credential-based attacks. Password spraying remains one of the lowest-friction initial access techniques available to attackers, because it requires no malware, no exploit, and no physical access. It needs one valid credential.
Understanding how these attacks work in your environment is the starting point. Testing whether your controls actually stop them is the next step. A penetration test that simulates realistic credential attacks, including BPL-aware spraying against your Entra ID configuration, gives you direct visibility into that gap before someone else finds it.
If your program includes red team operations or purple team exercises, this kind of identity-focused adversary simulation belongs in scope. It's also a natural input for a fractional CISO or security advisor helping you evaluate your identity security posture against current threat patterns.
Microsoft Entra ID's Global Banned Password List has meaningfully reduced the effectiveness of traditional password spraying. But the underlying attack surface hasn't disappeared; it has changed shape. By understanding how Microsoft scores and evaluates passwords, penetration testers can build more accurate, environment-aware candidate lists. Defenders can use the same knowledge to configure identity controls and train users more effectively.
The gap isn't in Microsoft's design. It's in assuming the control is more comprehensive than it is.