Do not allow Windows to use cached credentials when an Azure AD password is expired
Ran into an issue where we implemented a password policy at a client and found that even after passwords had expired, users were still able to log into their Azure AD joined machines. If Azure AD knows the password is expired, it should not allow the use of cached credentials to sign in. In order to lock expired passwords, we had to write a script that looks for passwords that are expired and disables the associated accounts so that users cannot continue to use their old cached credentials to access their machines or other applications. We had some issues with people not updating their passwords after they expired because applications continued to work and they didn't realize they needed to update their password. Thanks!
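
One way to write the kind of script the post describes, added here as an example and not the poster's own script. It assumes the Microsoft Graph PowerShell SDK is installed, the caller can consent to `User.ReadWrite.All`, and the maximum password age is 90 days; the function name `Test-PasswordExpired` is hypothetical.

```powershell
#Requires -Modules Microsoft.Graph.Users
# Added example. Assumptions: 90-day maximum password age, cloud-managed
# passwords, and an operator with the User.ReadWrite.All scope.
[CmdletBinding(SupportsShouldProcess)]
param(
    [int]$MaxPasswordAgeDays = 90   # assumed value; set to the tenant's policy
)

function Test-PasswordExpired {
    # Hypothetical helper: pure decision logic, separate from the Graph calls.
    param($User, [datetime]$NowUtc, [int]$MaxAgeDays)
    if (-not $User.AccountEnabled) { return $false }   # already disabled
    # Accounts exempted from expiry must not be disabled by this job.
    if ($User.PasswordPolicies -match 'DisablePasswordExpiration') { return $false }
    # No change date recorded (e.g. guest accounts): skip rather than guess.
    if ($null -eq $User.LastPasswordChangeDateTime) { return $false }
    $changed = ([datetime]$User.LastPasswordChangeDateTime).ToUniversalTime()
    return ($NowUtc - $changed).TotalDays -gt $MaxAgeDays
}

Connect-MgGraph -Scopes 'User.ReadWrite.All'

# These properties are not returned by default and must be requested.
$props = 'id', 'userPrincipalName', 'accountEnabled',
         'lastPasswordChangeDateTime', 'passwordPolicies'
$now = [datetime]::UtcNow

Get-MgUser -All -Property $props |
    Where-Object { Test-PasswordExpired -User $_ -NowUtc $now -MaxAgeDays $MaxPasswordAgeDays } |
    ForEach-Object {
        if ($PSCmdlet.ShouldProcess($_.UserPrincipalName, 'Disable account (password expired)')) {
            # Disabling the account is the workaround from the post.
            Update-MgUser -UserId $_.Id -AccountEnabled:$false
        }
        # Emit a record for the run log whether or not the change was applied.
        [pscustomobject]@{
            UserPrincipalName  = $_.UserPrincipalName
            LastPasswordChange = $_.LastPasswordChangeDateTime
            CheckedAtUtc       = $now
        }
    }
```

Running the script with `-WhatIf` lists the accounts that would be disabled without changing them.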