Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Disable ability for user to change password in Azure AD

Brass Contributor

Hi - anyway to prevent an Azure AD cloud only user from changing their password - like you could do on-prem?

 

thanks

6 Replies

Not that's not possible, might not help but you could change the expiry threshold to its maximum value 730 days:

 

Set the password expiration policy for your organization

 

Disabling Azure Active Directory Password Expiration

The second link says you might actually be able to increase it to 1,000 days with PowerShell.

@Kamal Bhatt Can confirm that doesn't prevent users from changing their Office 365 account password under "View Account - Change Password".

This may prevent a user from changing their password from within Outlook, but certainly doesn't not prevent them from changing their O365 password. 

Only way I've been able to prevent the password change is to disable Password Writeback on AAD connect. This will generate the "Your organization doesn't allow you to change your password here" when users try to change their password via their Office portal. 

I know then this defeats the purpose of selective password writeback / changing, but that's all I've been able to find so far. 

If anyone else has any other suggestions, I would absolutely love to hear them. 

I want to bring the theme up again. Is there any new possibility to disable users to change passwords?

Thanks.
I really hope Microsoft would listen to their customers and implement this feature. Our organization have a lot of dumb people who keep forgetting their password, after they changed it themselves to their own preference. It was too much of a bother to us IT staffs to reset their password to them. It will be a huge help if we can simply disallow them from changing password. This way, we can simply them to look up their password in the secured pdf we once sent them.