Yes. It has been tested and works fine on Windows Server 2022. It also works on Windows Server 2008, 2012, 2016, 2019.

Yes. The client operates as a Windows credential provider. It works with Duo's credential provider using their method of whitelisting the GUID of our provider.

Yes, Yes and Yes. We have many worldwide deployments using BMC Control SA or Passport. We also have many healthcare providers running PSynch and Courion. In all cases, the BMC, PSynch and Courion do not provide native password filtering (only filtering if you change passwords via their web page). Thus, their password filtering rules can be bypassed.

The default dictionary (6500 words) takes about 5 milliseconds to process. Our dictionary check looks for the dictionary word anywhere within the new password. It can also be configured to dynmically check for variations of the dictioanry word based on substitution characters like a typical substitution of a dollar sign ($) for the letter S. That increases processing time but is still negligible.

Yes. All group policies will appear in English. If you are using dictionary checking the dictionary file may be saved in an ANSI, Unicode or UTF-8 formats. The later formats supports characters from all languages. The optional client currently provides messages in English, German, French, Italian and Spanish.

Yes.  You still configure a single GPO to control nFront Password Filter.  However, within each policy you can specify multiple OU paths to include or exclude.  You can also include and exclude groups.

Yes. You can apply a policy to one security group and the policy will apply to users who are members of that group and any groups nested inside of that group.

No.

No.

Yes. The cient can display the rules on the password change screen and show a more detailed failure message. The message for each rule and each failure message can be modified for any given language. You can also display a custom message along with the dynamically calculated rules.