Home

ADFS Password Expiration Notification

%3CLINGO-SUB%20id%3D%22lingo-sub-139043%22%20slang%3D%22en-US%22%3EADFS%20Password%20Expiration%20Notification%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-139043%22%20slang%3D%22en-US%22%3E%3CP%3EHey%20everyone%20-%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20am%20currently%20using%20ADFS%20on%20Windows%202012%20R2%20as%20authentication%20with%20my%20O365%20tenant.%26nbsp%3B%20I%20have%20been%20asked%20to%20enable%20password%20expiration%20notification%20for%20end%20users%20that%20access%20EXO%20for%20email%20via%20the%20web.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20did%20some%20searching%20and%20found%202%20articles%3A%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fblogs.msdn.microsoft.com%2Fsamueld%2F2015%2F05%2F13%2Fadfs-2012-r2-now-supports-password-change-not-reset-across-all-devices%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fblogs.msdn.microsoft.com%2Fsamueld%2F2015%2F05%2F13%2Fadfs-2012-r2-now-supports-password-change-not-reset-across-all-devices%2F%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3Eand%20also%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows-server%2Fidentity%2Fad-fs%2Foperations%2Fconfigure-ad-fs-to-send-password-expiry-claims%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows-server%2Fidentity%2Fad-fs%2Foperations%2Fconfigure-ad-fs-to-send-password-expiry-claims%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20went%20through%20and%20added%20the%20rule%20mentioned%20under%20Trust%20Relationships%20--%26gt%3B%20Relying%20Party%20Trusts%20--%26gt%3B%20Microsoft%20Office%20365%20Identity%20Platform%20--%26gt%3B%20Issuance%20Transform%20Rules%20(added%20as%203rd%20rule).%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOur%20on%20prem%20AD%20password%20policy%20expires%20passwords%20after%2090%20days.%26nbsp%3B%20My%20account%20PasswordLastSet%20attribute%20was%209%2F26%2F17%2C%20which%20would%20put%20my%20password%20at%20expiring%20in%205%20days%20or%20so.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAfter%20adding%20this%20claims%20rule%20and%20logging%20into%20EXO%20via%20Google%20Chrome%20-%20I%20would%20expect%20to%20see%20*something*%20that%20says%20my%20password%20expires%20in%205%20days.%26nbsp%3B%26nbsp%3BWhere%20%2F%20when%20should%20I%20see%20this%3F%26nbsp%3B%20Am%20I%20missing%20something%20in%20my%20configuration%3F%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks%3C%2FP%3E%0A%3CP%3ESteve%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-139043%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAuthentication%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-139193%22%20slang%3D%22en-US%22%3ERe%3A%20ADFS%20Password%20Expiration%20Notification%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-139193%22%20slang%3D%22en-US%22%3E%3CP%3EAs%20the%20article%20mentions%2C%20those%20notifications%20are%20only%20supported%20by%20some%20applications.%20Read%2C%20Outlook.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Stephen Bell
Contributor

Hey everyone -

 

I am currently using ADFS on Windows 2012 R2 as authentication with my O365 tenant.  I have been asked to enable password expiration notification for end users that access EXO for email via the web.  

 

I did some searching and found 2 articles:

https://blogs.msdn.microsoft.com/samueld/2015/05/13/adfs-2012-r2-now-supports-password-change-not-re...

 

and also

 

https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-to-send-pa...

 

I went through and added the rule mentioned under Trust Relationships --> Relying Party Trusts --> Microsoft Office 365 Identity Platform --> Issuance Transform Rules (added as 3rd rule).

 

Our on prem AD password policy expires passwords after 90 days.  My account PasswordLastSet attribute was 9/26/17, which would put my password at expiring in 5 days or so.

 

After adding this claims rule and logging into EXO via Google Chrome - I would expect to see *something* that says my password expires in 5 days.  Where / when should I see this?  Am I missing something in my configuration?

 

Thanks

Steve

1 Reply

As the article mentions, those notifications are only supported by some applications. Read, Outlook.

Related Conversations
Password Generation and Password Reveal are Not working
HotCakeX in Discussions on
5 Replies
Edge Insider doesn't show notifications
ThatWeirdAndrew in Discussions on
10 Replies
Umlauts in notification emails
Florian Hein in Microsoft Teams on
6 Replies
Re-request password
Serhii Zahuba in Outlook on
9 Replies