How can I get the email alert for all of my users with the password expiring less than 7 days?

EnterpriseArchitect 5,761 Reputation points
2023-08-14T00:54:19.45+00:00

After implementing the https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-windows feature for all my workstations, how can I get the email alert for the expiring password for the users?

Since I am using Windows 11, I got this built-in notification:


The reason for the email alert is so the user without access to their desktop can also visit https://aka.ms/sspr when not logging into any desktop.


2 answers

  1. S.Sengupta 22,741 Reputation points MVP
    2023-08-14T01:06:49.72+00:00

    To set up email alerts for expiring passwords for users in Outlook, you'll need to use a combination of your email system (like Microsoft Exchange) and a password expiration monitoring solution. Outlook itself doesn't have built-in password expiration alert capabilities.

    1. Ensure that you have a password expiration policy in place for your user accounts.

    2. Configure the password expiration monitoring solution to send notifications when a user's password is about to expire.

    3. Create distribution groups in Outlook that include the users who need to receive password expiration alerts.

    4. Configure the password expiration monitoring solution to automatically send email alerts to the distribution groups you created.


  2. Brian Zarb 1,670 Reputation points
    2023-08-14T06:53:36.12+00:00

    The answer provided by S.Sengupta gives a high-level overview of the solution, but it doesn't delve into specifics, particularly when you are interested in Azure Active Directory (Azure AD) rather than on-premises systems.

    Here's a more specific answer tailored to Azure AD that will help you set up email alerts for users with passwords expiring in less than 7 days when using Azure Active Directory:

    Azure AD Password Expiry Policy: Ensure that you've set up a password expiration policy within Azure AD. If you're using Azure AD solely, the default behavior is that passwords never expire. If you have synchronized your Azure AD with on-premises AD using Azure AD Connect, then the expiry would typically come from your on-premises AD settings.

    Azure AD PowerShell Module: To retrieve a list of users with passwords about to expire, you can use the AzureAD or AzureADPreview PowerShell module. Here's a basic script to get users whose passwords will expire in the next 7 days:

    Import-Module AzureAD
    $cred = Get-Credential
    Connect-AzureAD -Credential $cred
    # PasswordPolicies can hold several comma-separated values, so match on the name instead of testing equality
    $users = Get-AzureADUser -All $true | Where-Object { $_.PasswordPolicies -notmatch "DisablePasswordExpiration" }
    foreach ($user in $users) {
        # Confirm this cmdlet is available in your installed module version (Get-Command) before scheduling the script
        $pwdLastChanged = Get-AzureADUserPasswordLastChangeDateTime -ObjectId $user.ObjectId
        $daysToExpiry = [math]::Round((($pwdLastChanged.AddDays(90) - (Get-Date)).TotalDays)) # Assuming default 90 days password expiry

        if ($daysToExpiry -le 7) {
            # Send email alert. This could be done using Send-MailMessage cmdlet or any other email sending mechanism.
        }
    }
    

    Email Alerts: For sending the email alerts, as mentioned in the code comment, you can use the Send-MailMessage cmdlet in PowerShell. You'll need to set up SMTP details to use this cmdlet. Another option is to integrate with Microsoft Graph to send emails through Office 365.

    Automation: You'll want to automate this script to run on a daily basis. This could be done using Azure Automation or any other job scheduler you have in place.


    A note regarding the provided answer:

    The answer mentioning "Outlook" and "distribution groups in Outlook" is somewhat misleading. Outlook is just an email client. The relevant system for these tasks would be Azure AD (for directory management) and Microsoft Exchange (for email). Creating distribution groups for users about to expire might be overkill and inefficient. Instead, just send the alert directly to the individual user whose password is about to expire. They didn't mention the relevance of Azure AD and seemed to focus on an on-premises solution, which might not be ideal for your scenario.

    In conclusion, the provided answer is a start but slightly lacks Azure-specific details. If you're managing users in Azure AD, you would ideally leverage Azure AD-specific tools and services, not just a generic solution.

    I hope this helps. If it does, kindly mark it as the answer and consider following. Thank you.
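
Added example, not part of either answer above: the same 7-day check written against the Microsoft Graph PowerShell SDK, where `Get-MgUser` returns `LastPasswordChangeDateTime` and `Send-MgUserMail` delivers the notice. The 90-day validity period, the sender mailbox passed to `Invoke-ExpiryAlert` and the sample users are assumptions.

```powershell
# Added example. The live part needs the Microsoft.Graph PowerShell SDK.
# Assumptions: 90-day validity (as in the answer), sender mailbox, sample users.
function Get-ExpiringUser {
    param([Parameter(Mandatory)] [object[]] $User,   # from Get-MgUser, or test objects
          [int] $ValidityDays = 90, [int] $WarnDays = 7, [datetime] $Now = (Get-Date))
    $nowUtc = $Now.ToUniversalTime()
    foreach ($u in $User) {
        # PasswordPolicies may hold several comma-separated values, so match on it
        if ($u.PasswordPolicies -match 'DisablePasswordExpiration') { continue }
        if (-not $u.LastPasswordChangeDateTime) { continue }   # nothing on record
        $expires = ([datetime]$u.LastPasswordChangeDateTime).ToUniversalTime().AddDays($ValidityDays)
        $left = [math]::Floor(($expires - $nowUtc).TotalDays)
        if ($left -ge 0 -and $left -le $WarnDays) {
            [pscustomobject]@{
                Mail     = if ($u.Mail) { $u.Mail } else { $u.UserPrincipalName }
                DaysLeft = $left
                Expires  = $expires
            }
        }
    }
}

function Send-ExpiryNotice {
    param([Parameter(Mandatory)] $Entry, [Parameter(Mandatory)] [string] $Sender)
    $text = "Change it at https://aka.ms/sspr before $($Entry.Expires.ToString('u'))."
    $message = @{
        Subject      = "Your password expires in $($Entry.DaysLeft) day(s)"
        Body         = @{ ContentType = 'Text'; Content = $text }
        ToRecipients = @(@{ EmailAddress = @{ Address = $Entry.Mail } })
    }
    Send-MgUserMail -UserId $Sender -BodyParameter @{ Message = $message; SaveToSentItems = $false }
}

function Invoke-ExpiryAlert {   # live run against the tenant
    param([Parameter(Mandatory)] [string] $Sender)
    Connect-MgGraph -Scopes 'User.Read.All', 'Mail.Send' | Out-Null
    $users = Get-MgUser -All -Filter 'accountEnabled eq true' `
        -Property UserPrincipalName, Mail, PasswordPolicies, LastPasswordChangeDateTime
    Get-ExpiringUser -User $users | ForEach-Object { Send-ExpiryNotice -Entry $_ -Sender $Sender }
}

# Offline check with constructed users (not real accounts); only a@ is inside the window
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'a@contoso.example'; PasswordPolicies = $null; LastPasswordChangeDateTime = '2023-05-20T00:00:00Z' }
    [pscustomobject]@{ UserPrincipalName = 'b@contoso.example'; PasswordPolicies = 'DisablePasswordExpiration, DisableStrongPassword'; LastPasswordChangeDateTime = '2023-05-20T00:00:00Z' }
    [pscustomobject]@{ UserPrincipalName = 'c@contoso.example'; PasswordPolicies = $null; LastPasswordChangeDateTime = '2023-07-30T00:00:00Z' }
)
Get-ExpiringUser -User $sample -Now ([datetime]'2023-08-14T00:00:00Z')
```

For an unattended daily schedule, replace the interactive `Connect-MgGraph` sign-in with app-only or managed-identity authentication, and limit the mail permission to the single sender mailbox.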
