locked
Change Azure AD (AAD) password policy for cloud only accounts? RRS feed

  • Question

  • From what I have been reading you need an on prem AD to make changes to Azure AD default password policy. Essentially the current policy is pretty weak with allowing only an 8-16 character password which I would like to change for my tenant. Is it possible to change the default policy (including length, history, filters, complexity)? I am not able to find an option except the expiration duration and notification.

    Alex

    Tuesday, February 13, 2018 6:56 AM

Answers

  • You can find the Password policies that only apply to cloud user accounts.

    Now there are three properties that are configurable - Password expiry duration, Password expiry notification and Password expiry.

    Password expiry duration and Password expiry notification - You can configure these with the Set-MsolPasswordPolicy cmdlet via Powershell.

    Set-MsolPasswordPolicy -ValidityPeriod 60  -NotificationDays 14  -DomainName "contoso.com"

    Password expiry - You can set this with the Set-MsolUser cmdlet.

    Set-MsolUser -UserPrincipalName "davidchew@contoso.com"  -PasswordNeverExpires $true
    ---------------------------------------------------------------------------------------------------
    Do click on "Mark as Answer" on the post that helps you, this can be beneficial to other community members.

    Tuesday, February 13, 2018 9:53 AM
  • That is for cloud-only users, as in created in Azure AD and not synced from an On-premises directory.
    If you sync an on-premises directory user we enforce your on-premises policy, because your password is written to the on-premises DC first and we dont write the hash to Azure AD untill the DC says it accepts the password.
    -------------------------------------------------------------------------------------------------------------
    Do click on "Mark as Answer" on the post that helps you and vote it as helpful, this can be beneficial to other community members. 
    • Proposed as answer by vijisankar Tuesday, February 27, 2018 8:47 PM
    • Marked as answer by Alex_008 Tuesday, July 17, 2018 10:51 PM
    Tuesday, February 27, 2018 8:47 PM
  • No, as of today there are no changes to the Password Policies of Cloud only Users.

     

    If this answer was helpful, click “Mark as Answer” or Up-Vote. To provide additional feedback on your forum experience, click here

    Wednesday, July 18, 2018 8:31 AM

All replies

  • You can find the Password policies that only apply to cloud user accounts.

    Now there are three properties that are configurable - Password expiry duration, Password expiry notification and Password expiry.

    Password expiry duration and Password expiry notification - You can configure these with the Set-MsolPasswordPolicy cmdlet via Powershell.

    Set-MsolPasswordPolicy -ValidityPeriod 60  -NotificationDays 14  -DomainName "contoso.com"

    Password expiry - You can set this with the Set-MsolUser cmdlet.

    Set-MsolUser -UserPrincipalName "davidchew@contoso.com"  -PasswordNeverExpires $true
    ---------------------------------------------------------------------------------------------------
    Do click on "Mark as Answer" on the post that helps you, this can be beneficial to other community members.

    Tuesday, February 13, 2018 9:53 AM
  • If i sync on-premises directory then it will enforce password restrictions on "cloud only" accounts as well? or cloud only password policy would remain the same?

    Alex

    Monday, February 26, 2018 10:01 PM
  • That is for cloud-only users, as in created in Azure AD and not synced from an On-premises directory.
    If you sync an on-premises directory user we enforce your on-premises policy, because your password is written to the on-premises DC first and we dont write the hash to Azure AD untill the DC says it accepts the password.
    -------------------------------------------------------------------------------------------------------------
    Do click on "Mark as Answer" on the post that helps you and vote it as helpful, this can be beneficial to other community members. 
    • Proposed as answer by vijisankar Tuesday, February 27, 2018 8:47 PM
    • Marked as answer by Alex_008 Tuesday, July 17, 2018 10:51 PM
    Tuesday, February 27, 2018 8:47 PM
  • Hi,

    Just checking to see if there is any change in the password policy recently for cloud only users?


    Alex

    Tuesday, July 17, 2018 10:52 PM
  • No, as of today there are no changes to the Password Policies of Cloud only Users.

     

    If this answer was helpful, click “Mark as Answer” or Up-Vote. To provide additional feedback on your forum experience, click here

    Wednesday, July 18, 2018 8:31 AM