When a user password change is received by the LSA, it notifies Enzoic’s Password Filter DLL. The Enzoic Service connects via HTTPS to the Enzoic Cloud API to check the new password and return a response. If the password is identified as compromised, it is rejected. If the password is not compromised, the password change operation is allowed to proceed.
Separately an Enzoic Console application is installed as a user interface to define the desired configuration. The configuration is stored in the Active Directory and replicated to other domain controllers via standard AD replication. The Enzoic Console is installed by default on the Domain Controller, but can be installed on any server connected to the domain.
Enzoic for Active Directory requires an active Internet connection. You can specify a proxy server if you do not want Enzoic for Active Directory communicating directly over the Internet. Please see Firewall Requirements below for the required IP whitelist.