Forum Discussion
skipster311-175 (Brass Contributor)
Feb 02, 2023
Change domain from federated to managed SSPR
Hello
I am trying to understand what I gain when I switch a domain from federated to managed but am still doing password resets on-prem. From my understanding, I won't be able to take full advantage of Identity Protection, smart lockout, and Azure AD password policies. If the account is managed but still has to reset the password for the account on-prem, I think this introduces confusion for the user, and I am not sure what I gain from a security perspective.
Some misunderstanding here. You simply set up SSPR writeback from Azure AD https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback
Nice chart here https://learn.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn#decision-tree
You’ll need PHS (Password Hash Sync) btw.
- skipster311-175 (Brass Contributor): I understand how it works and how to set up SSPR, but the company doesn't want to use Azure SSPR. That was my question.