cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Password Expiration notification

Bryan_George
Copper Contributor

‎Nov 07 2022 04:21 PM

‎Nov 07 2022 04:21 PM

Password Expiration notification

I have a number of users who have recently transitioned to Azure joined devices and are authenticating directly through AAD, though their accounts were originated in On-prem AD. When their passwords expire, they aren't getting notification but finding out when certain on-prem services aren't connecting. We are using AD Sync and it's going both ways AAD to OP and OP to AAD .

 

I guess my question is 2 fold:

  • Is it possible that AD is still expiring the password and if not, where can I find where it is expiring?
  • Is there any way to turn on expiration notification for Azure AD users?

Thanks,

27K Views
0 Likes
2 Replies
Reply
2 Replies
BilalelHadd

‎Nov 08 2022 06:17 AM

‎Nov 08 2022 06:17 AM

Re: Password Expiration notification

Hi @Bryan_George,

Passwords are so not 2022. You have just opened a can of worms 🙂
I would suggest you read the blog post that I have created in the past. Google the following "Comply your AD password expiration policy with Azure AD." That should help you.

I am not a fan of password expiration policies; I am more the type of administrator that prefers password-less authentication and sets the password expiration policy to "never."

By default, AAD uses a password expiration of 90-days. You can see the setting by browsing the admin center > settings > org settings > security & privacy > Password expiration policy.

There are enough online scripts that could help you send an e-mail to a user whose password expires. Hint; use the following Google search term: Password-Expiration-Notifications.ps1

Good luck, and If you have any other questions, shoot 😉
0 Likes
Reply
John_Woodling

‎Aug 21 2023 06:47 AM

‎Aug 21 2023 06:47 AM

Re: Password Expiration notification

@BilalelHadd Many highly regulated environments have these types of requirements. PCI DSS, governance from government bodies, etc have these password requirements for expiration so these orgs are beholden to them.

 

Also as of note, most, if not all, of these scripts use send-mailmessage, which is deprecated and has no official replacement from MS, see below.

 

https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/send-mailmessage?vi...

 

"The Send-MailMessage cmdlet is obsolete. This cmdlet does not guarantee secure connections to SMTP servers. While there is no immediate replacement available in PowerShell, we recommend you do not use Send-MailMessage. For more information, see Platform Compatibility note DE0005."

 

The only solution I have found so far that does not use send mail message in my light research is this blog: https://www.sharepointdiary.com/2023/04/microsoft-365-password-expiration-notification-email.html

It looks to use M365 and Microsoft Graph API to do this.

1 Like
Reply