Forum Discussion
Skipster311-1
Aug 16, 2021Iron Contributor
PHS remote users change password
Hello all
We are currently in a hybrid PHS environment. We have SSPR turned on and its working. What i am trying to understand is how do we get "work from home users" to update their password? If they never log into the onprem domain, then the flag “DisablePasswordExpiration” will never be removed from the Azure AD account. Any advice is greatly appreciated .
- Josh Villagomez
Microsoft
What do you mean by "hybrid PHS environment"? Are your users devices Azure AD Hybrid Joined or Azure AD Joined? Is your domain managed or federated? How do they normally change their passwords? Ctrl-Alt-Del? - Hi, have a look at the "EnforceCloudPasswordPolicyForPasswordSyncedUsers".
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization#enforcecloudpasswordpolicyforpasswordsyncedusers- Skipster311-1Iron ContributorIts already turned on, but the flag “DisablePasswordExpiration” on the user account doesnt get removed until the user first changes their password
- I suppose you didn't enable it before enabling PHS then. And this is configured as well? https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback#enable-password-writeback-for-sspr