diff --git a/releasenotes/notes/password-contains-semicolon-error-5c63154508759fa0.yaml b/releasenotes/notes/password-contains-semicolon-error-5c63154508759fa0.yaml
new file mode 100644
index 0000000000000..0cdac9713d27e
--- /dev/null
+++ b/releasenotes/notes/password-contains-semicolon-error-5c63154508759fa0.yaml
@@ -0,0 +1,5 @@
+---
+enhancements:
+  - |
+    The Windows Agent MSI now shows the user an error message
+    if the provided password contains a semicolon.
diff --git a/tools/windows/DatadogAgentInstaller/CustomActions.Tests/ProcessUserCustomActions/UserCustomActionsTests.cs b/tools/windows/DatadogAgentInstaller/CustomActions.Tests/ProcessUserCustomActions/UserCustomActionsTests.cs
index 0dc6f1a348f27..8ab1c972a1b09 100644
--- a/tools/windows/DatadogAgentInstaller/CustomActions.Tests/ProcessUserCustomActions/UserCustomActionsTests.cs
+++ b/tools/windows/DatadogAgentInstaller/CustomActions.Tests/ProcessUserCustomActions/UserCustomActionsTests.cs
@@ -165,5 +165,19 @@ public void ProcessDdAgentUserCredentials_With_Local_System_And_Current_User_Loc
                 .Contain(kvp => kvp.Key == "DDAGENTUSER_RESET_PASSWORD" && string.IsNullOrEmpty(kvp.Value)).And
                 .Contain(kvp => kvp.Key == "DDAGENTUSER_PROCESSED_PASSWORD" && string.IsNullOrEmpty(kvp.Value));
         }
+
+        [Fact]
+        public void ProcessDdAgentUserCredentials_Catch_Semicolon_In_Password()
+        {
+            Test.Session
+                .Setup(session => session["DDAGENTUSER_NAME"]).Returns("ddagentuser");
+            Test.Session
+                .Setup(session => session["DDAGENTUSER_PASSWORD"]).Returns("password;123");
+
+            Test.Create()
+                .ProcessDdAgentUserCredentials()
+                .Should()
+                .Be(ActionResult.Failure);
+        }
     }
 }
diff --git a/tools/windows/DatadogAgentInstaller/CustomActions/ProcessUserCustomActions.cs b/tools/windows/DatadogAgentInstaller/CustomActions/ProcessUserCustomActions.cs
index ed3cc378bcafc..8368a2d42c253 100644
--- a/tools/windows/DatadogAgentInstaller/CustomActions/ProcessUserCustomActions.cs
+++ b/tools/windows/DatadogAgentInstaller/CustomActions/ProcessUserCustomActions.cs
@@ -506,6 +506,10 @@ public ActionResult ProcessDdAgentUserCredentials(bool calledFromUIControl = fal
                     _session.Log("Ignoring provided password because account is a service account");
                     ddAgentUserPassword = null;
                 }
+                else if (!string.IsNullOrEmpty(ddAgentUserPassword))
+                {
+                    TestValidAgentUserPassword(ddAgentUserPassword);
+                }
 
                 _session["DDAGENTUSER_PROCESSED_PASSWORD"] = ddAgentUserPassword;
             }
@@ -526,6 +530,17 @@ public ActionResult ProcessDdAgentUserCredentials(bool calledFromUIControl = fal
             return ActionResult.Success;
         }
 
+        private void TestValidAgentUserPassword(string ddAgentUserPassword)
+        {
+            // password cannot contain semicolon
+            // semicolon is the delimiter for CustomActionData, and we don't have special handling for this.
+            // TODO: WINA-1226
+            if (ddAgentUserPassword.Contains(";"))
+            {
+                throw new InvalidAgentUserConfigurationException("The password provided contains an invalid character. Please provide a password that does not contain a semicolon.");
+            }
+        }
+
         public static ActionResult ProcessDdAgentUserCredentials(Session session)
         {
             return new ProcessUserCustomActions(new SessionWrapper(session)).ProcessDdAgentUserCredentials(