Change Azure AD (AAD) password policy for cloud only accounts?

Question
-
From what I have been reading you need an on prem AD to make changes to Azure AD default password policy. Essentially the current policy is pretty weak with allowing only an 8-16 character password which I would like to change for my tenant. Is it possible to change the default policy (including length, history, filters, complexity)? I am not able to find an option except the expiration duration and notification.
Alex
- Moved by SadiqhAhmed-MSFT (Microsoft employee) Tuesday, February 13, 2018 8:39 AM Better suited in Azure AD Forum
Tuesday, February 13, 2018 6:56 AM
All replies
-
You can find the Password policies that only apply to cloud user accounts.
Now there are three properties that are configurable - Password expiry duration, Password expiry notification and Password expiry.
Password expiry duration and Password expiry notification - You can configure these with the Set-MsolPasswordPolicy cmdlet via PowerShell.
Set-MsolPasswordPolicy -ValidityPeriod 60 -NotificationDays 14 -DomainName "contoso.com"
Password expiry - You can set this with the Set-MsolUser cmdlet.
Set-MsolUser -UserPrincipalName "davidchew@contoso.com" -PasswordNeverExpires $true
- Proposed as answer by Neelesh Ray -MSFT (Microsoft employee) Tuesday, February 13, 2018 9:53 AM
- Marked as answer by Alex_008 Tuesday, February 13, 2018 7:00 PM
Tuesday, February 13, 2018 9:53 AM -
If I sync an on-premises directory, will it then enforce password restrictions on "cloud only" accounts as well? Or would the cloud only password policy remain the same?
Alex
Monday, February 26, 2018 10:01 PM -
That is for cloud-only users, as in created in Azure AD and not synced from an On-premises directory.
If you sync an on-premises directory user we enforce your on-premises policy, because your password is written to the on-premises DC first and we don't write the hash to Azure AD until the DC says it accepts the password.
- Proposed as answer by vijisankar Tuesday, February 27, 2018 8:47 PM
- Marked as answer by Alex_008 Tuesday, July 17, 2018 10:51 PM
Tuesday, February 27, 2018 8:47 PM -
Hi,
Just checking to see if there is any change in the password policy recently for cloud only users?
Alex
Tuesday, July 17, 2018 10:52 PM -
No, as of today there are no changes to the Password Policies of Cloud only Users.
- Proposed as answer by Neelesh Ray -MSFT (Microsoft employee) Wednesday, July 18, 2018 8:31 AM
- Marked as answer by Alex_008 Wednesday, July 18, 2018 5:08 PM
Wednesday, July 18, 2018 8:31 AM
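
An added example, not part of any forum reply: a read-only audit of the settings discussed in the first two answers, listing the expiry policy for each managed domain and the cloud-only accounts that have -PasswordNeverExpires set. It assumes the MSOnline module used in the thread is installed, that the session can read domains and users, and that an empty LastDirSyncTime identifies a cloud-only account.

```powershell
# Added example: read-only audit, nothing in the tenant is changed.
# Assumption: the MSOnline module (the Msol cmdlets from the thread) is installed.
Import-Module MSOnline
Connect-MsolService

# 1. Expiry settings per verified, managed domain: the two values that
#    Set-MsolPasswordPolicy writes. Federated domains authenticate elsewhere.
$managed = Get-MsolDomain |
    Where-Object { $_.Authentication -eq 'Managed' -and $_.Status -eq 'Verified' }

$domainReport = foreach ($domain in $managed) {
    $policy = Get-MsolPasswordPolicy -DomainName $domain.Name
    [pscustomobject]@{
        Domain           = $domain.Name
        ValidityPeriod   = $policy.ValidityPeriod     # days; may be blank if never set
        NotificationDays = $policy.NotificationDays   # days; may be blank if never set
    }
}

# 2. Classify every user. Assumption: an account with no LastDirSyncTime was
#    created in Azure AD (cloud-only); one with a value is synced from on-premises
#    and follows the on-premises policy, as the second answer explains.
$users = Get-MsolUser -All | Select-Object UserPrincipalName,
    PasswordNeverExpires,
    LastPasswordChangeTimestamp,
    @{ Name = 'Source'; Expression = { if ($_.LastDirSyncTime) { 'Synced' } else { 'CloudOnly' } } }

# 3. Cloud-only accounts exempted from expiry with Set-MsolUser -PasswordNeverExpires $true.
$neverExpire = $users |
    Where-Object { $_.Source -eq 'CloudOnly' -and $_.PasswordNeverExpires -eq $true } |
    Sort-Object LastPasswordChangeTimestamp

# Report: policy per domain, account counts by source, then the exempted accounts
# with the oldest password first.
$domainReport | Format-Table -AutoSize
$users | Group-Object Source | Select-Object Name, Count | Format-Table -AutoSize
$neverExpire |
    Format-Table UserPrincipalName, LastPasswordChangeTimestamp -AutoSize
```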