Forum Discussion

Matthew Sutton's avatar
Matthew Sutton
Brass Contributor
Jan 12, 2018

Disable ability for user to change password in Azure AD

Hi - anyway to prevent an Azure AD cloud only user from changing their password - like you could do on-prem?

 

thanks

Azure Active Directory (AAD)

6 Replies

  • Daniel_Woo's avatar
    Daniel_Woo
    Copper Contributor
    Mar 16, 2023
    I really hope Microsoft would listen to their customers and implement this feature. Our organization have a lot of dumb people who keep forgetting their password, after they changed it themselves to their own preference. It was too much of a bother to us IT staffs to reset their password to them. It will be a huge help if we can simply disallow them from changing password. This way, we can simply them to look up their password in the secured pdf we once sent them.
  • Kamal Bhatt's avatar
    Kamal Bhatt
    Copper Contributor
    Jan 01, 2019

    Yes there is a way.

     

    Here it is: https://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365admin-mso_manage/disable-password-changing-option-in-owa-office-365/5d5cbf4f-ff7b-47f4-98c5-6e767f6c4524 

    • JeradF's avatar
      JeradF
      Copper Contributor
      Nov 24, 2021

      Kamal Bhatt Can confirm that doesn't prevent users from changing their Office 365 account password under "View Account - Change Password".

      This may prevent a user from changing their password from within Outlook, but certainly doesn't not prevent them from changing their O365 password. 

      Only way I've been able to prevent the password change is to disable Password Writeback on AAD connect. This will generate the "Your organization doesn't allow you to change your password here" when users try to change their password via their Office portal. 

      I know then this defeats the purpose of selective password writeback / changing, but that's all I've been able to find so far. 

      If anyone else has any other suggestions, I would absolutely love to hear them. 

      • FSERZ's avatar
        FSERZ
        Copper Contributor
        Oct 20, 2022
        I want to bring the theme up again. Is there any new possibility to disable users to change passwords?

        Thanks.
  • Cian Allner's avatar
    Cian Allner
    Silver Contributor
    Jan 12, 2018

    Not that's https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/9180638-disable-user-s-ability-to-change-password-via-clo, might not help but you could change the expiry threshold to its maximum value 730 days:

     

    https://support.office.com/en-us/article/set-the-password-expiration-policy-for-your-organization-0f54736f-eb22-414c-8273-498a0918678f

     

    https://helgeklein.com/blog/2017/01/disabling-azure-active-directory-password-expiration/

    The second link says you might actually be able to increase it to 1,000 days with PowerShell.

Resources