Azure AD and password synchronization

There is always a big discussion how safe it is to synchronize "password" to Microsoft cloud – Azure AD. First of all, passwords are never synchronized to the cloud. Actually, the result of, 1000th iteration of the HMAS-SHA256 hashing function is being synchronized to the cloud. Microsoft is in this case also using per user salt when they are creating hash to be sent to the cloud. This means that even when two users are using same password, hash in the cloud would look different....

read more