Password Expiration notification

I have a number of users who have recently transitioned to Azure joined devices and are authenticating directly through AAD, though their accounts originated in on-prem AD. When their passwords expire, they aren't getting a notification but are finding out when certain on-prem services aren't connecting. We are using AD Sync and it's going both ways, AAD to OP and OP to AAD.

I guess my question is twofold:

  • Is it possible that AD is still expiring the password and if not, where can I find where it is expiring?
  • Is there any way to turn on expiration notification for Azure AD users?

Thanks,

1 Reply
Hi @Bryan_George,

Passwords are so not 2022. You have just opened a can of worms :)
I would suggest you read the blog post that I have created in the past. Google the following "Comply your AD password expiration policy with Azure AD." That should help you.

I am not a fan of password expiration policies; I am more the type of administrator that prefers password-less authentication and sets the password expiration policy to "never."

By default, AAD uses a password expiration of 90 days. You can see the setting by browsing the admin center > settings > org settings > security & privacy > Password expiration policy.

There are enough online scripts that could help you send an e-mail to a user whose password expires. Hint: use the following Google search term: Password-Expiration-Notifications.ps1

Good luck, and if you have any other questions, shoot ;)
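
To answer the first question in the thread (whether on-prem AD is the side expiring the password), the effective expiry time can be read per user from the on-prem directory. The following is an added example, not part of the original posts and not one of the scripts the reply refers to. It assumes the RSAT ActiveDirectory module and read access to the domain; the 14-day window, the function names, and the SMTP relay and sender address are placeholders.

```powershell
# Added example: list on-prem AD users whose password expires soon and, optionally, mail them.
Import-Module ActiveDirectory

function Get-ExpiringPassword {
    param([int]$WithinDays = 14)   # assumed notification window
    $now   = Get-Date
    $never = [Int64]::MaxValue     # value AD returns when the password never expires

    Get-ADUser -Filter 'Enabled -eq $true -and PasswordNeverExpires -eq $false' `
               -Properties 'msDS-UserPasswordExpiryTimeComputed', mail |
        ForEach-Object {
            # Computed attribute: already accounts for fine-grained password policies.
            $raw = $_.'msDS-UserPasswordExpiryTimeComputed'
            # 0 or empty = must change at next logon; MaxValue = never expires.
            if (-not $raw -or $raw -eq $never) { return }

            $expires  = [datetime]::FromFileTime($raw)
            $daysLeft = [math]::Floor(($expires - $now).TotalDays)
            if ($daysLeft -le $WithinDays) {
                [pscustomobject]@{
                    SamAccountName = $_.SamAccountName
                    Mail           = $_.mail
                    Expires        = $expires
                    DaysLeft       = $daysLeft   # negative = already expired on-prem
                }
            }
        }
}

function Send-ExpiryNotice {
    param(
        [Parameter(ValueFromPipeline)]$User,
        [string]$SmtpServer = 'smtp.example.invalid',   # placeholder relay
        [string]$From       = 'it@example.invalid'      # placeholder sender
    )
    process {
        if (-not $User.Mail) { return }   # skip accounts without a mail attribute
        Send-MailMessage -To $User.Mail -From $From -SmtpServer $SmtpServer `
            -Subject "Your password expires in $($User.DaysLeft) day(s)" `
            -Body "Your domain password expires on $($User.Expires). Please change it before then."
    }
}

# Report first; pipe to Send-ExpiryNotice once the list looks right.
Get-ExpiringPassword -WithinDays 14 | Sort-Object DaysLeft | Format-Table -AutoSize
```

A negative `DaysLeft` for an account that still signs in to AAD indicates the on-prem policy expired the password before any cloud-side prompt reached the user.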