How does the password policy work in Hybrid environments?

Anonymous

My understanding is that there's a enforced default password policy on Azure AD, Office365 etc..

If password complexity requirements aren't set on the on prem AD does that mean weak passwords can sync back into our Azure AD/Office365?

Sandeep G-MSFT 20,911 Reputation points Microsoft Employee Moderator

2022-11-01T03:17:38.323+00:00

@Anonymous

Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread.

1 answer

Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator

2022-10-27T11:50:11.577+00:00

The Azure AD Password policies apply ONLY to the cloud-based accounts unless you have set the correct configuration
https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts

Otherwise, the on-prem password policies apply to the synced accounts.
You should enable password writeback and SSPR to ensure this:
https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks

as well as Password Hash Sync:
https://learn.microsoft.com/en-us/azure/active-directory/hybrid/whatis-phs
Please sign in to rate this answer.

1 person found this answer helpful.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Your answer