This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 62%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi all,
When setting Conditional access policy or User risk policy set to force password at high risk doesn't work instead I get a blocked windows on users.
I have set SSPR too and I think this is a requirement
What am I doing wrong?
Can you post pics of how your policy is set? What do the Azure sign in logs show?
Hi I have tried both:
And even though I have turned it off for now to see if the CA would work:
when I use the "what if" this states that it should work however it doesnt
what do the Azure sign in logs show when the policy is tripped?
This is what I get
Are these guest users then? If so then that makes sense. You can't force a guest user to change their password, the admin on their own tenant has to do that
Hi David,
This is the thing they are not guests and have been created with our domain name as would every account.
So should this essentially work?
Yes, but those logs indicate the account being blocked is not a member of your tenant.
I think I need to contact Microsoft as this user plus another 300 users I tried this for who flagged as medium got blocked rather than password reset and they are all users of the corp tenant not home however they did have the same reason.
yes, if its not working as expected, I would open a case!