Azure SQL (both Azure SQL Database and Azure SQL Managed Instance) both have different password complexity rules to SQL Server. I was reading an email discussion list and a poster asked where he could find the list of password complexity rules for Azure SQL. I said I'd never seen a list.
Well it turns out that there is a list, but not where you might have thought to look. They're spelled out in this article:
Identify the right Azure SQL Database SKU for your on-premises database (Data Migration Assistant) – SQL Server | Microsoft Docs
To avoid you reading the whole article, at the time of writing, these were the rules for Azure SQL Database:
- Your password must be at least 8 characters in length and no more than 128 characters in length.
- Your password must contain characters from three of the following categories – English uppercase letters, English lowercase letters, numbers (0-9), and non-alphanumeric characters (!, $, #, %, etc.).
- Your password cannot contain all or part of the login name. (Part of a login name is defined as three or more consecutive alphanumeric characters.)
Slightly more confusing is that the article says it's talking about the server admin password, but it also appears that this same list of restrictions applies to all logon/user passwords as well.
Azure SQL Managed Instance is exactly the same except it requires the password to be at least 16 characters in length.
I hope that helps someone, including myself when I next go looking for this.
2 thoughts on “SQL: Password complexity rules for Azure SQL”
Thanks for the article.
How to define/make changes to the Azure SQL Password policy
ex: increasing the minimum of Password characters required to 16 characters
No available option currently. Alternately, move to using Azure AD for authentication (now supported) and you have much more control over policy/MFA, etc.