About fine-grained password policies

This page explains the fine-grained password policies (FGPP) concepts and related best practices for Managed Service for Microsoft Active Directory.

Overview

You can use FGPP to define and enforce strong password settings on a specific Active Directory user or group. Note that password policies are different from the default domain password policy which is configured by a group policy and linked to the root of the domain.

FGPP is set in Password Settings Objects (PSO). Each PSO has a precedence value that indicates its priority. The lower this value, the higher the priority of that PSO. Managed Microsoft AD creates ten PSOs with default settings. You cannot change the names or precedences of these PSOs, but you can change the settings. For more information about the pre-created PSOs, see Password Settings Objects.

Policy settings

Each PSO can contain the following policy settings:

What's next

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025年11月24日 UTC.