15As a part of Client project, we are setting up a CRM Portal (aka PowerApps Portal) using the "Local Authentication" (also known as "Contact provider authentication") that comes naively with the Portal provisioning:
We have been asked to implement security control in Portal where credentials (of external contacts) are protected by ensuring:
 passwords/passphrases expire every 12 months
 password/passphrase stretching is implemented
 passwords/passphrases that are compromised are revoked
 Password/passphrase resets are random for each individual reset, not reused when resetting multiple accounts, and not based on another identifying factor such as the user’s name or the date.
Can someone please confirm if someone has handle above requirements with the local authentication setup and some guidance around how? Thanks.
