Aug 21 2023 07:09 AM
Hello DFI community!
I'm reviewing some Identity-related recommendations about accounts and passwords. Let's focus on the following:
Achieving these 3 recommendations at the same time in a hybrid environment for all types of accounts (user account, service account) seems a bit challenging and counterintuitive.
If we disable password rotation policies in AD DS and set passwords to not expire in the 365 org's settings, user accounts will show up in the recommendations #1 and #2 after a while... If we don't, then the #3 recommendation pops up.
How can we combine features such as Azure Identity Protection/Conditional Access, Password Protection, Managed Identities, s/gMSA accounts to make all this work?
I'm a bit confused... What am I missing?
Any help would be much appreciated.
Aug 21 2023 08:23 AM
@Chris_BYSA Microsoft recommends enabling the "do not expire password" setting in Office 365 and using the passwordless method through MFA to protect your identities' logins.
Please refer to the below for password policy recommendations:
Password policy recommendations - Microsoft 365 admin | Microsoft Learn
Aug 23 2023 08:37 AM - edited Aug 23 2023 08:38 AM
Thanks for your reply @eliekarkafy
Hum well we're not passwordless ready for the users yet.
And it wouldn't work for service accounts anyway. Would need maybe s/gMSA account types and/or Managed Identities.
Would this really solve all three recommendations and not make all the users fall into the reco #2 with 180+ day old passwords?