SSPR configurable password policy text window (for tenants using ADFS/write-back)
We have Azure AD using ADFS, so SSPR is using password write-back.
We have a 3rd party password filter implemented on-prem because built-in password policies are so poor (complexity enabled with fine-grained password policies still allows passwords like "Password1", "Microsoft1", etc)
While Azure AD has added some smarts to block "bad" passwords (good job!) - on-prem AD doesn't, which means we can't rely purely on new password filtering functionality in Azure AD.
The end result is that SSPR is very frustrating to use, because it carries no information about what the on-prem password policy requirements are.
Please provide a custom field where we can detail the password requirements in SSPR after the user has completed their identity verification. It should also be displayed if the user chooses a password in SSPR that is rejected by password write-back.
Thanks for your consideration!
Thank you for your feedback! We are still considering this feature and would love to get more feedback on this. Do you want just a text box? Does it need to be localized? What type of information would you include?
For cloud only user, the hints text window and the strength indicator appear in SSPR page. When will the text window and password stength indicator also appear for SSPR +ADFS and password writeback user? This will definitely enhance user experience when using Azure SSPR.
Patrick Doherty commented
To start with a simple text box of requirements would be fantastic, if later on it could be tabbed for different policies (different countries/companies/departments) that may have their own policies or preferences?
Cha Yang commented
This is a great idea. We are also looking for this change. I think this is huge end user experience improvement. If that information is there, users will have a better chance of getting their passwords changed on the first try and eliminate frustration and calls to the service desk.
Gino Caroli commented
Just the ability to post a message stating the complexity requirements on the password reset and change password pages would be nice.