"The most important thing to keep in mind when selecting a password is to choose one that is unique, and therefore hard to guess. We help you do this in the Microsoft Account and Azure AD system by dynamically banning commonly used passwords," Alex Simons, director of program management at Microsoft's Identity Division, said in the post.
"When it comes to big breach lists, cybercriminals and the Azure AD Identity Protection team have something in common – we both analyze the passwords that are being used most commonly. Bad guys use this data to inform their attacks – whether building a rainbow table or trying to brute force accounts by trying popular passwords against them. What we do with the data is prevent you from having a password anywhere near the current attack list, so those attacks won't work."
The announcement referenced the news earlier this month that hackers were trying to sell 117 million user emails and passwords used for LinkedIn. The news, originally reported by Motherboard, signaled that a 2012 data breach was larger than initially thought. Security experts also highlighted the tendency for users to create simple and common passwords.