Forum Discussion

SRPfr's avatar
SRPfr
Copper Contributor
Jan 04, 2021

AzureAD Password Policy impact after moving from AADConnec sync to Full cloud

Hi  all,   We plan to disable AADconnect dirsync to go full cloud and use only Azure AD. AD OnPrem domain use a very "light" password policy, less restrictive than Azure AD.   AD OnPrem: ...
Azure Active Directory (AAD)
Azure AD Connect
Password Protection
SRPfr's avatar
SRPfr
Copper Contributor
Jan 05, 2021

Thanks ChristianBergstrom for your answer.

Do you meen "If the password doesn't meet the policy requirements, the user is prompted to try again " : at the user connexion ?

My question is only related to user connexion, because password policy is set to never expire.

I haven't seen any Microsoft document that indicates that the password need to meet the AzureAD password policy at the user connexion.

 

For me the AAD password policy work like AD password policy : the password policy evaluation is made only when a user change the password, not at the connexion.

Did you have perhaps a reference?

 

We will activate SSPR only after the Tenant will be full cloud, but all users will not be complient, and want to minimize the impact when Tenant will switch to full cloud.

ChristianBergstrom's avatar
ChristianBergstrom
Silver Contributor
Jan 05, 2021
As far as I know it doesn’t matter if it’s set to never expire if the password doesn’t comply with the Azure AD password policy character requirements that’s assigned to all users being created in Azure AD. Even at the first connection, as the user objects are already there with the policy assigned.

How about opening a ticket with Microsoft support for an official response to ease your mind?

Resources