How can we improve Azure Active Directory?

SSPR configurable password policy text window (for tenants using ADFS/write-back)

We have Azure AD using ADFS, so SSPR is using password write-back.

We have a 3rd party password filter implemented on-prem because built-in password policies are so poor (complexity enabled with fine-grained password policies still allows passwords like "Password1", "Microsoft1", etc)

While Azure AD has added some smarts to block "bad" passwords (good job!) - on-prem AD doesn't, which means we can't rely purely on new password filtering functionality in Azure AD.

The end result is that SSPR is very frustrating to use, because it carries no information about what the on-prem password policy requirements are.

Please provide a custom field where we can detail the password requirements in SSPR after the user has completed their identity verification. It should also be displayed if the user chooses a password in SSPR that is rejected by password write-back.

Thanks for your consideration!

24 votes
Sign in
Check!
(thinking…)
Reset
or sign in with
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Jordan shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
    under review  ·  AdminAzure AD Team (Admin, Microsoft Azure) responded  · 

    Thank you for your feedback! We would love to hear more about what exactly you would like to see in this feature from both an admin and an end user perspective. Feel free to throw out ideas or specific needs/requirements and we’ll incorporate them into our thinking and planning.

    Sadie Henry (sahenry)

    2 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Cha Yang commented  ·   ·  Flag as inappropriate

        This is a great idea. We are also looking for this change. I think this is huge end user experience improvement. If that information is there, users will have a better chance of getting their passwords changed on the first try and eliminate frustration and calls to the service desk.

      • Gino Caroli commented  ·   ·  Flag as inappropriate

        Just the ability to post a message stating the complexity requirements on the password reset and change password pages would be nice.

      Feedback and Knowledge Base