SSPR configurable password policy text window (for tenants using ADFS/write-back)
We have Azure AD using ADFS, so SSPR is using password write-back.
We have a 3rd party password filter implemented on-prem because built-in password policies are so poor (complexity enabled with fine-grained password policies still allows passwords like "Password1", "Microsoft1", etc)
While Azure AD has added some smarts to block "bad" passwords (good job!) - on-prem AD doesn't, which means we can't rely purely on new password filtering functionality in Azure AD.
The end result is that SSPR is very frustrating to use, because it carries no information about what the on-prem password policy requirements are.
Please provide a custom field where we can detail the password requirements in SSPR after the user has completed their identity verification. It should also be displayed if the user chooses a password in SSPR that is rejected by password write-back.
Thanks for your consideration!
Thank you for your feedback! We would love to hear more about what exactly you would like to see in this feature from both an admin and an end user perspective. Feel free to throw out ideas or specific needs/requirements and we’ll incorporate them into our thinking and planning.
Sadie Henry (sahenry)
Cha Yang commented
This is a great idea. We are also looking for this change. I think this is huge end user experience improvement. If that information is there, users will have a better chance of getting their passwords changed on the first try and eliminate frustration and calls to the service desk.
Gino Caroli commented
Just the ability to post a message stating the complexity requirements on the password reset and change password pages would be nice.