Low severity | authentication
Power BI Error: AADSTS120018
What does this error mean?
The new password chosen during a password change is too similar to a previous password or violates the fuzzy password policy.
Common causes
1. The new password is a minor variation of a previous password (e.g. Summer2025! → Summer2026!) and is caught by fuzzy matching
2. The password contains a banned term from Microsoft's global banned password list or the tenant's custom banned password list
3. The password resembles the user's name, UPN, company name, or other tenant-specific banned substring
4. Common character substitutions (P@ssw0rd, Welc0me!) are normalized and matched against banned terms
5. The tenant has Entra Password Protection enabled with custom banned lists in enforced (not audit-only) mode
How to fix it
1. Choose a new password that is not a variation of any recent password: change length, structure and base words, not just digits or symbols
2. Avoid the company name, username, product names, seasons, months and years; these are typically on the global or tenant banned list
3. Use a passphrase (4+ unrelated words) instead of a single word with substitutions, since fuzzy matching normalizes leetspeak
4. Admins: review banned password lists and Password Protection mode under Entra ID → Authentication methods → Password protection
5. If the user is federated or syncs from on-prem AD, ensure the Azure AD Password Protection DC agent and proxy are healthy so on-prem password changes evaluate the same policy
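The sketch below is an added illustration, not Microsoft's implementation and not code from this page. It shows how common causes 1 to 4 can reject a candidate: the password is normalized, then compared with the previous password and with banned and identity terms. The substitution table, banned list, identity terms and the one-edit fuzzy threshold are constructed assumptions.

```python
import re

# Constructed sample data: real banned lists and identity terms are tenant-specific.
LEET = str.maketrans({"0": "o", "1": "l", "$": "s", "@": "a"})  # assumed sample table
BANNED = ["password", "welcome", "summer"]
IDENTITY = ["arivera", "contoso"]  # hypothetical user name and company name

def normalize(password):
    """Lowercase and undo common character substitutions."""
    return password.lower().translate(LEET)

def within_one_edit(a, b):
    """True if a and b differ by at most one insert, delete or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Skip the mismatch: one char in both (substitution) or only in b (insert).
    return a[i + (len(a) == len(b)):] == b[i + 1:]

def contains_fuzzy(text, term):
    """True if some window of text is within one edit of term."""
    for size in range(max(1, len(term) - 1), len(term) + 2):
        for start in range(len(text) - size + 1):
            if within_one_edit(text[start:start + size], term):
                return True
    return False

def skeleton(password):
    """Base word: drop the trailing digit/symbol run, normalize, keep letters."""
    stem = re.sub(r"[\d\W_]+$", "", password)
    return re.sub(r"[^a-z]", "", normalize(stem))

def precheck(new, previous, banned=BANNED, identity=IDENTITY):
    """Return likely rejection reasons for a candidate (empty list: none found)."""
    reasons, norm, base = [], normalize(new), skeleton(new)
    if base and within_one_edit(base, skeleton(previous)):
        reasons.append("variation of previous password")
    reasons += [f"banned term: {t}" for t in banned if contains_fuzzy(norm, t)]
    reasons += [f"identity term: {t}" for t in identity if t in norm]
    return reasons

if __name__ == "__main__":
    for candidate in ("Summer2026!", "P@ssw0rd", "violet-anchor-tundra-mosaic"):
        print(candidate, precheck(candidate, "Summer2025!"))
```

An empty result only means this sketch found nothing; the tenant's enforced policy remains the authority on whether a password is accepted.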