Forum Discussion
AUser ZUser
Sep 21, 2017 | Copper Contributor
Does Azure AD (AD Connect) "Password Write Back" require me to open a port on my on-premise firewall
Hello, if I have "Password Write Back" enabled, do I need to open a port on my on-premise firewall? The reason I am asking is I assume the user could log on directly to Azure using their synced acc...
- Anonymous | Oct 12, 2017
I think this is what you are looking for:
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-passwords-writeback
AUser ZUser
Oct 14, 2017 | Copper Contributor
Thanks Cody, that answered my question. The article contains the following text:
Doesn’t require any inbound firewall rules - Password writeback uses an Azure Service Bus relay as an underlying communication channel, meaning that you do not have to open any inbound ports on your firewall for this feature to work.
Thanks again
NanthaKumar
Jan 16, 2024 | Copper Contributor
AUser ZUser, do I need to open any outbound traffic for this function to work? I have a situation here: by default we block outbound internet for all servers, and we only open specific destinations. After setting up the password writeback in AD, we get an unknown error. To test, we opened the on-prem AD and Sync servers to the internet, and we could reset the password from Azure. The question now is: what is the destination that we need to allow for this service to work? We tested again by adding this URL to the allowed list, https://account.activedirectory.windowsazure.com/, but we keep getting "This password does not meet the length, complexity, age or history requirements of your corporate password policy." However, the policy is correct, and when we opened the server to the internet again, we could use the same password and were able to change it successfully.