How does the password policy work in Hybrid environments?

Anonymous
2022-10-27T02:30:07.943+00:00

My understanding is that there's an enforced default password policy on Azure AD, Office365 etc.

If password complexity requirements aren't set on the on-prem AD, does that mean weak passwords can sync back into our Azure AD/Office365?


1 answer

  1. Andy David - MVP
    2022-10-27T11:50:11.577+00:00

    The Azure AD password policies apply ONLY to the cloud-based accounts unless you have set the correct configuration:
    https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts

    Otherwise, the on-prem password policies apply to the synced accounts.
    You should enable password writeback and SSPR to ensure this:
    https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks

    as well as Password Hash Sync:
    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/whatis-phs

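Since the answer above says the on-prem password policies govern synced accounts, one way to check what those policies actually allow is to audit the default domain policy and any fine-grained password policies. This is an added example, not part of the original question or answer; it assumes the ActiveDirectory PowerShell module (RSAT) is installed, and the function name `Test-PasswordPolicy` and the minimum-length baseline of 12 are illustrative assumptions.

```powershell
# Added example: audit the on-premises password policies that apply to synced accounts.
# Requires the ActiveDirectory module (RSAT). Baseline values below are assumptions.
Import-Module ActiveDirectory

$MinLengthBaseline = 12   # assumed organisational baseline, adjust to your own standard

# Hypothetical helper: compares one policy object against the baseline.
function Test-PasswordPolicy {
    param(
        [Parameter(Mandatory)] $Policy,
        [Parameter(Mandatory)] [string] $Scope,
        [int] $MinLength = $MinLengthBaseline
    )
    $findings = @()
    if (-not $Policy.ComplexityEnabled) {
        $findings += 'complexity disabled'
    }
    if ($Policy.MinPasswordLength -lt $MinLength) {
        $findings += "minimum length $($Policy.MinPasswordLength) is below $MinLength"
    }
    if ($Policy.ReversibleEncryptionEnabled) {
        $findings += 'reversible encryption enabled'
    }
    if ($Policy.LockoutThreshold -eq 0) {
        $findings += 'no account lockout threshold'
    }
    [pscustomobject]@{
        Scope    = $Scope
        Weak     = $findings.Count -gt 0
        Findings = $findings -join '; '
    }
}

$results = @()
$results += Test-PasswordPolicy -Policy (Get-ADDefaultDomainPasswordPolicy) -Scope 'Default domain policy'

# Fine-grained policies override the domain default for the users and groups they apply to.
foreach ($fgpp in Get-ADFineGrainedPasswordPolicy -Filter *) {
    $targets = ($fgpp.AppliesTo | ForEach-Object { (Get-ADObject -Identity $_).Name }) -join ', '
    $scope   = "FGPP '$($fgpp.Name)' (precedence $($fgpp.Precedence)) -> $targets"
    $results += Test-PasswordPolicy -Policy $fgpp -Scope $scope
}

$results | Format-Table -AutoSize -Wrap
```

Any row with `Weak` set to `True` describes a policy under which a weak password could be set on-prem and then carried to the cloud by Password Hash Sync.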