When changing or resetting the password for your MC domain/CUIMC email account, you will see this message if the new password you entered matches a global banned password list that was implemented at CUIMC in early October. The list blocks known common passwords and variations, such as substituting the character "@" for the letter "a" in a word.
When selecting a new password, if you see the message:
The password does not meet the password complexity requirements. Check the minimum password length, password complexity and password history requirements. (Exception...)
Try using less common words and character substitutions in your password. Using a phrase as a password will often work since these are not as common as a single word or name, and in general longer passwords are more secure. If you are still not able to select a new password please see current full instructions for changing or resetting your password, or contact us for assistance.
The list is part of a security feature called Password Protection that we have implemented for MC/CUIMC email accounts, which use a Microsoft platform called Azure Active Directory (AD). Both Azure AD and Password Protection are widely used at other organizations and companies for login accounts. Detailed technical information is here, but in short Microsoft analyzes data to determine "base terms that are often used as the basis for weak passwords" and adds them to the banned list.
When a desired password is checked against the global banned password list, it goes through a number of steps to rank its strength.
The checks generate a score for the desired password, and if it does not pass the minimum score it cannot be used.