Disable ability for user to change password in Azure AD


Hi - anyway to prevent an Azure AD cloud only user from changing their password - like you could do on-prem?



3 Replies

Not that's not possible, might not help but you could change the expiry threshold to its maximum value 730 days:


Set the password expiration policy for your organization


Disabling Azure Active Directory Password Expiration

The second link says you might actually be able to increase it to 1,000 days with PowerShell.

@Kamal Bhatt Can confirm that doesn't prevent users from changing their Office 365 account password under "View Account - Change Password".

This may prevent a user from changing their password from within Outlook, but certainly doesn't not prevent them from changing their O365 password. 

Only way I've been able to prevent the password change is to disable Password Writeback on AAD connect. This will generate the "Your organization doesn't allow you to change your password here" when users try to change their password via their Office portal. 

I know then this defeats the purpose of selective password writeback / changing, but that's all I've been able to find so far. 

If anyone else has any other suggestions, I would absolutely love to hear them.