Disable user's ability to change password (via cloud/portals)
We need to disable a user's ability to change their password. We need to manage password changes in our own application.
NOTE: I am not referring to password resets (which we can easily disable). Rather I'm talking about preventing users from changing their password via a Microsoft portal when they know their existing password.
We are looking for an equivalent of the (non-Azure) AD PowerShell command Set-ADUser -CannotChangePassword.
Hi folks! I apologize for the delay in response and I deeply appreciate your feedback. I understand how important this feature is for you and your users. We do not yet have plans to implement this feature, but please keep voting if this is important to you to help us prioritize appropriately.
We would be very happy to have such a feature enabled as admins.
Steven Hillaby commented
Please implement this, would be very useful to have the ability to change this, we have a few clients that have requested this, still no update from Microsoft.
Williamson, Lisa commented
This request is now going on 6 years, when will this be on the road map?
Kirsten W. commented
As Keith said - this is 100% needed and silly it does not exist already
VICTOR MANUEL FERRANDO GARCIA commented
We would like this as we use a centralized, event driven, identity system and we command the password changes via Microsoft Graph. We want users to change their passwords with our own Self Service portal to keep things consistent instead of cloud/portals.
Keith Chisarik commented
I agree 100% this is needed and silly it does not exist already
Louis Galinou commented
Please this is a huge security risk for us... People who are locked out of their accounts should not be able to access the accounts so easily...
Tony LeGrange commented
Yes, this would be nice.
Sistemi Informativi commented
We need this feature as well. Thank you.
A feature should be added to disable the request to update the password for users when they log in for the first time to those accounts. The reason I am talking about student accounts in schools is that they will not be able to reset a strong password because many of them do not know how to do that! The other reason is more requests for assistance in resetting passwords for users.
We can't move from on-prem AD until this feature is implemented.
Yes, we want most of our users to be able to change their password. But we have some unique circumstances, such as the public checking out a laptop or tablet from our library, and they need a generic username to login to the desktop.
We might use this generic username across many devices, so we don't want users to be able to change the password. Otherwise, if one user changes the password, it will lock all the other users out of logging into their laptops.
Dharmesh J Desai commented
Christian Nilsson commented
This is causing a support pain since passwords are not synced back to our on-premises AD (and we don't want it to either).
Pure stupidity that this exists in the first place on an AD-synced account.
Naveen Marat commented
This is really an important feature for my tenants (myself handling 4 different tenants for different domains for my company and sister companies). I strongly believe this is an important one for many other tenants too, and it's really disappointing that Microsoft did not facilitate this option.
If you've not done this in two years, no one is going to 'keep voting' as they will have already realised you lot plan to do nothing about this. Some honesty would be refreshing. You want people to sync their Azure AD with an on-prem AD so that extra features like this can be used in the on-prem AD, which filter back to Azure AD, even though those controls don't feature in Azure AD.
No one is falling for your encouraging comments M$.
Riaz Javed commented
This is a big flaw of Azure SSPR. We need to have the ability to pilot this functionality for password change. When can we have this functionality?
We have a centralized password reset mechanism in place that has an automation workflow behind it which sets the new password in a number of systems, giving a user a single set of credentials to remember (which is a security plus since they can store a single password in their brain instead of on their computer). The problem is, online portals such as Office 365 make them change their password outside of our centralized password reset mechanism. This is a huge problem because now we can't tell them to log in with their single password to all systems, because when it doesn't work because they changed it via an online portal, they will say we gave them wrong instructions. Why is this taking so long? It should be a basic thing that has existed in the AD for ages.
Steven Burtt commented
I currently have 28 companies that use Office 365 that want this. It's a waste of time and money for consultants to keep resolving user issues. Some clients have needs to have passwords updated every 30 days, and don't want end users involved.
Johnny Sundays commented
I'd like to know the logic why this is not implemented yet. Anyway, voted ;)
Exchange Online Admin commented
I strongly vote for this. I don't know how many years or people need to keep bugging Microsoft Azure to add this feature.