AAD Generated Passwords & Custom Policies

%3CLINGO-SUB%20id%3D%22lingo-sub-2679360%22%20slang%3D%22en-US%22%3EAAD%20Generated%20Passwords%20%26amp%3B%20Custom%20Policies%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2679360%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20a%20query%20relating%20to%20password%20policies%20and%20machine-generated%20passwords%20through%20AAD.%20We%20have%20recently%20rolled%20out%20AAD%20Password%20Protection%2C%20we're%20utilising%20defined%20password%20policies%20and%20specific%20password%20expiration.%20However%2C%20I%20wanted%20to%20know%20whether%26nbsp%3Bwhen%20a%20user%20is%20created%20and%20the%20AAD%20Random%20Password%20Generator%20is%20used%20whether%20or%20not%20it%20is%20assessed%20against%20our%20policies%2C%20otherwise%20we'd%20be%20essentially%20provisioning%20an%20account%20with%20a%20weaker%20security%20profile%20until%20the%20user%20is%20forced%20to%20reset%20the%20password%20at%20initial%20login.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2679360%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2688476%22%20slang%3D%22en-US%22%3ERe%3A%20AAD%20Generated%20Passwords%20%26amp%3B%20Custom%20Policies%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2688476%22%20slang%3D%22en-US%22%3EWhen%20you%20enable%20AAD%20password%20protection%20you%20are%20now%20using%20a%20combination%20of%20onprem%20and%20azure%20ad%20password%20policy.%20Also%20%22AAD%20random%20password%20generator%22%20is%20not%20a%20feature%20of%20AAD%20password%20protection.%20When%20you%20create%20a%20new%20user%20account%20%2C%20the%20password%20will%20be%20checked%20for%20compliance%20in%20Azure%20AD.%20If%20the%20password%20doesn't%20meet%20compliance%20the%20password%20will%20be%20rejected.%3C%2FLINGO-BODY%3E
Occasional Contributor

Hello,

 

I have a query relating to password policies and machine-generated passwords through AAD. We have recently rolled out AAD Password Protection, we're utilising defined password policies and specific password expiration. However, I wanted to know whether when a user is created and the AAD Random Password Generator is used whether or not it is assessed against our policies, otherwise we'd be essentially provisioning an account with a weaker security profile until the user is forced to reset the password at initial login. 

 

Thanks.

2 Replies
When you enable AAD password protection you are now using a combination of onprem and azure ad password policy. Also "AAD random password generator" is not a feature of AAD password protection. When you create a new user account , the password will be checked for compliance in Azure AD. If the password doesn't meet compliance the password will be rejected.
Hello, and thanks for your response.