How can we improve Azure Active Directory?

Disable user's ability to change password (via cloud/portals)

We need to disable a user's ability to change their password. We need to manage password changes in our own application.

NOTE: I am not referring to password resets (which we can easily disable). Rather I'm talking about preventing users from changing their password via a Microsoft portal when they know their existing password.

We are looking for an equivalent of the (non Azure) AD powershell command Set-ADUser -CannotChangePassword.

83 votes
Sign in
Check!
(thinking…)
Reset
or sign in with
    Password icon
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Greg Singleton shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    15 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
      Password icon
      Signed in as (Sign out)
      Submitting...
      • AdminAzure AD Team (Admin, Microsoft Azure) commented  ·   ·  Flag as inappropriate

        Hi folks! I apologies for the delay in response and I deeply appreciate your feedback. I understand how important this feature is for your and your users. We do not yet have plans to implement this feature, but please keep voting if this is important to you to help us prioritize appropriately.

      • Michael commented  ·   ·  Flag as inappropriate

        I would like an update on this as well. seems like this is something that is really needed

      • W Shen commented  ·   ·  Flag as inappropriate

        We have options like "password never expires" and "user cannot change password" in Active Directory. Why the same options cannot be implemented in AAD?

      • kurt commented  ·   ·  Flag as inappropriate

        this is a really good idea. would really help with user management for companies with specific password rules. make this happen please!

      • Anonymous commented  ·   ·  Flag as inappropriate

        We are currently syncing users and passwords through a 3. party service, and need to disable password reset functionality on local azure ad accounts, since we are maintaning them in another catalog being 1 way synced to Azure AD.

      • Anonymous commented  ·   ·  Flag as inappropriate

        The ability to disable users' ability to change passwords is very critical...now that everything is on the cloud...we face issues where an employee, when he/she leaves, can change the password, then go home and delete files and folders - leaving a complete disaster for us.

        Admin should be able to disable any user's ability to change passwords...very critical...please make these changes....

        Thanks

      • Nev commented  ·   ·  Flag as inappropriate

        So what was the decision after two years review?
        we need the same capability

      • dmnq commented  ·   ·  Flag as inappropriate

        We need this for service accounts in AAD with complex password & password not expiring. If we can not prevent the "user" from changing his (known) password, he will change it to a trivial one.
        Is there anything in place ?

      • Fredrik Carenborn commented  ·   ·  Flag as inappropriate

        Hi, I vote for this aswell.

        This feature is desirable in our IT environment also because we have built a separate password portal . The password feature in Office 365 complicate this for the end-users.

        Hope for fast response

      Feedback and Knowledge Base