How can we improve Azure Active Directory?

Disable user's ability to change password (via cloud/portals)

We need to disable a user's ability to change their password. We need to manage password changes in our own application.

NOTE: I am not referring to password resets (which we can easily disable). Rather I'm talking about preventing users from changing their password via a Microsoft portal when they know their existing password.

We are looking for an equivalent of the (non-Azure) AD PowerShell command Set-ADUser -CannotChangePassword.

103 votes

Greg Singleton shared this idea

19 comments

  • Ahmad Al Hindi commented

    The ability to disable users' ability to change passwords is very critical...now that everything is on the cloud...we face issues where an employee, when he/she leaves, can change the password, then go home and delete files and folders - leaving a complete disaster for us.

    Admin should be able to disable any user's ability to change passwords...very critical...please make these changes....

  • Admin: Azure AD Team (Product Owner, Microsoft Azure) commented

    Hi folks! I apologize for the delay in response and I deeply appreciate your feedback. I understand how important this feature is for you and your users. We do not yet have plans to implement this feature, but please keep voting if this is important to you to help us prioritize appropriately.

  • Michael commented

    I would like an update on this as well. Seems like this is something that is really needed.

  • W Shen commented

    We have options like "password never expires" and "user cannot change password" in Active Directory. Why can't the same options be implemented in AAD?

  • kurt commented

    This is a really good idea. It would really help with user management for companies with specific password rules. Make this happen, please!

  • Anonymous commented

    We are currently syncing users and passwords through a third-party service, and need to disable password reset functionality on local Azure AD accounts, since we are maintaining them in another catalog that is one-way synced to Azure AD.

  • Anonymous commented

    The ability to disable users' ability to change passwords is very critical...now that everything is on the cloud...we face issues where an employee, when he/she leaves, can change the password, then go home and delete files and folders - leaving a complete disaster for us.

    Admin should be able to disable any user's ability to change passwords...very critical...please make these changes....

    Thanks

  • Nev commented

    So what was the decision after two years' review?
    We need the same capability.

  • dmnq commented

    We need this for service accounts in AAD with complex passwords and passwords that do not expire. If we cannot prevent the "user" from changing his (known) password, he will change it to a trivial one.
    Is there anything in place?

  • Fredrik Carenborn commented

    Hi, I vote for this as well.

    This feature is desirable in our IT environment also because we have built a separate password portal. The password feature in Office 365 complicates this for the end users.

    Hope for fast response
