Removing Password HASH after switching from PHS to PTA

Artem Kharlamov 21 Reputation points
2022-12-01T16:24:02.443+00:00

Hello,
I have several questions regarding migration from Azure AD Password Hash Synchronization to Pass-Through Authentication:

  1. Our client needs a confirmation what after migration (switching auth from PHS to PTA and clearing Password Hash checkbox in Azure AD Connect) passwords will not be stored in the Azure AD in any form (Password HASH included), can we see any confirmation in Azure Portal or get it with PowerShell? We need to see actual difference before and after the migration.
  2. Is that a certain procedure to remove password hashes from Azure AD after migration if hashes are still there?
  3. Can we get a list of attributes what syncs from Active Directory to Azure AD in case of PHS and PTA and see the difference?
    Thanks!
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,422 questions
0 comments No comments
{count} votes

Accepted answer
  1. Andy David - MVP 150.3K Reputation points MVP
    2022-12-02T00:41:22.587+00:00

    As far as I know, there is no way to remove the hash. If there are concerns, I would have users change their passwords, but since its secure, there really isnt a "security issue" here.
    Also see:
    https://learn.microsoft.com/en-us/answers/questions/77989/password-has-removal-from-azure-ad.html

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.