Yes but when they will be forced to change the password if Tenant is set with « password never expire » ?

- what will be the impact for user when he connect the first time with the cloud-only the Azure AD account, with a 6 characters password and the Tenant set with « password never expire » ?

It’s like an AD Onprem password policy ? : Password Policy only evaluated when the password is changed or expired ?
-> so no impact for user connexion even if the current password don’t meet the AzureAD password policy ?

Hi, enable SSPR while you’re at it. As for the password if it doesn't meet the policy requirements, the user is prompted to try again.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy

Thanks @ChristianBergstrom for your answer.

Do you meen "If the password doesn't meet the policy requirements, the user is prompted to try again " : at the user connexion ?

My question is only related to user connexion, because password policy is set to never expire.

I haven't seen any Microsoft document that indicates that the password need to meet the AzureAD password policy at the user connexion.

For me the AAD password policy work like AD password policy : the password policy evaluation is made only when a user change the password, not at the connexion.

Did you have perhaps a reference?

We will activate SSPR only after the Tenant will be full cloud, but all users will not be complient, and want to minimize the impact when Tenant will switch to full cloud.