Dec 09 2020
- last edited on
Jan 14 2022
We plan to disable AADconnect dirsync to go full cloud and use only Azure AD.
This domain use a very "light" password policy, less restrictive than Azure AD :
AD OnPrem :
- Complexity : Disabled
- Min lenght : 6 characters
- Max password age : 90 days.
Most user on AD OnPrem have password set to "never expire".
On Azure AD, we use the global setting "password never expire" and default settings.
Dec 09 2020 11:31 PM
Azure AD doesnt really care what the on-premises expiration settings were, only the cloud-side one will take effect. As to complexity/length requirement, you might need to toggle the "StrongPasswordRequired" flag off.
Dec 10 2020 08:51 AM
@Vasil MichevThanks Vasil for your answer.
I think you have only answered one question ;).
Do you have information on other questions below?
After we switch to full cloud users, the password policy for all users will change, and we don't want to lower the Azure AD password policy.
The question is more about :
If we set Azure AD global setting with an password expiration policy (like 90 days):
Dec 21 2020 03:51 PM
Would someone have perhaps more informations about the impact with Password Policy when we disable AADConnect Dirsync.