Allow password expiration policy to sync from on-prem AD to Azure AD
Why doesn't a users cloud password expire when the on-prem password expires? We use an Azure Application Proxy App to securely publish an extranet to many employees and vendors whom never log into our domain directly but have on-prem AD accounts. To ensure they change their passwords regularly, we have to change their on-prem password once it expires so they are forced to use SSPR and create a new password.
Jeremy Burke
shared this idea
We are currently investigating how we can best implement this feature.
38 comments
-
Anonymous
commented
Is there an update on this? This is a much needed feature
-
Johnny Levring
commented
this post is from 2019, still no solution! Come on MS. Some companies still use onpreml AD
-
Jailaubek Rasoli
commented
Any update for this? It's been 4 years since posted and you have been working on this for whole 2 years. :)))
-
Xtraim
commented
oh my... no way thats still not possible...
-
Nathanael Lacourly ADM
commented
an update of this one ?? this is really a big issue for us. Before you close UserVoice definitely of course ;p
-
Anonymous
commented
Is there an update on this? This is a much needed feature
-
Anonymous
commented
The EnforceCloudPasswordPolicyForPasswordSyncedUser capability is a definite help here, but would additionally like to see the ability to sync on-premises PasswordNeverExpires to Azure AD DisablePasswordExpiration policy.
Original PHS behavior - Azure creds never expire.
EnforceCloudPasswordPolicyForPasswordSyncedUser - Azure creds always expire.
Desired behavior -- option to synchronize on-premises password never expires so that Azure expiration matches. -
Anonymous
commented
What is the current status on this?
-
Anonymous
commented
Would like to see this happen quickly.
-
Nuno Alexandre
commented
There is a new feature available (for quite a while now) called EnforceCloudPasswordPolicyForPasswordSyncedUser:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization#enforcecloudpasswordpolicyforpasswordsyncedusers -
Krunal Shah
commented
Seriously this is still pending!!!!!!!!!!!!!
-
Anonymous
commented
It's officially been over a year since the Azure AD Team posted their comment. Any update at all would be appreciated. This is a huge inconvenience and security concern.
-
Samir
commented
any update?
-
Anonymous
commented
Any update ?
-
Anonymous
commented
Any update on this?
-
pinki patel
commented
Is it still true password expiration still not syncing to AAD with newer version of AD connect?
-
Luca Fabbri
commented
Hello all,
even if it still is in "PLANNED" there is something you can already implement. I suggest to read this Microsoft Tech Community post https://techcommunity.microsoft.com/t5/office-365/password-expiration-with-aad-connect-password-hash-sync/m-p/1427851#M28874 (@Timothy Balk & @lucafabbri365 replies). -
AADCisTheNewDirSync
commented
ridiculous that this was not enforced by design from the beginning of AADC and that this is still "planned" to be implemented for more than a year now.
-
Glenn Gilley
commented
I'm looking for this exact thing as well. I was actually shocked when I was told users with expired passwords in our AD were still accessing O365 with no problem. Please get something with AD Connect working to make this work in a supported manner! I'd prefer not to have to rely on custom PowerShell scripts running forever.
-
Juliano Rocha Sens
commented
We have PHS sync activate and policy password on premisse and in Office365/Azure defined to get password expired in 90 days. We have some accounts set to password never expiry. This parameter do not sync with Azure/Office365, so this accounts expires in 90 days in Office365 and AzureAD. We need to set manually these specifics accounts to never expiry in o3655/azure. This is so bad... We need a more complete integration of these parameters about password policy of on premisse AD with AzureAD.