Share via

Removing Password HASH after switching from PHS to PTA

Artem Kharlamov 21 Reputation points
2022-12-01T16:24:02.443+00:00

Hello,
I have several questions regarding migration from Azure AD Password Hash Synchronization to Pass-Through Authentication:

  1. Our client needs a confirmation what after migration (switching auth from PHS to PTA and clearing Password Hash checkbox in Azure AD Connect) passwords will not be stored in the Azure AD in any form (Password HASH included), can we see any confirmation in Azure Portal or get it with PowerShell? We need to see actual difference before and after the migration.
  2. Is that a certain procedure to remove password hashes from Azure AD after migration if hashes are still there?
  3. Can we get a list of attributes what syncs from Active Directory to Azure AD in case of PHS and PTA and see the difference?
    Thanks!
Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments
Answer accepted by question author
  1. Andy David - MVP 159.7K Reputation points MVP Volunteer Moderator
    2022-12-02T00:41:22.587+00:00

    As far as I know, there is no way to remove the hash. If there are concerns, I would have users change their passwords, but since its secure, there really isnt a "security issue" here.
    Also see:
    https://learn.microsoft.com/en-us/answers/questions/77989/password-has-removal-from-azure-ad.html

    1 person found this answer helpful.
    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.