User can login Azure AD joined Laptop and using office365 services after password expired

Rocky Mondal 86 Reputation points
2020-10-29T08:40:17.037+00:00

We have configured 45 days password expired and 7 days before notified about expiration in office365 Admin Portal. Laptops are joined to Azure AD and we are using Intune service.

Some users password have expired but still users can login Laptop and using office365 services (Skype for business, Outlook, Onedrive for business sync). That's why new policies and Apps installations are not applied in user laptops.

Why user can login Laptop and using office365 services (Skype for business, Outlook, Onedrive for business sync) after password expired? It should be forced user to reset password.

As per snap, user last password reset on 13th-Aug-2020 but still can login Laptop and using office365 services without change his password.
In sign-in logs Azure AD status is showing Interrupted due to password expired and next log is showing login success.

Please help me on this.

35920-password-reset1.jpg

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,270 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. AmanpreetSingh-MSFT 56,556 Reputation points
    2020-10-29T12:32:59.137+00:00

    Hi @Rocky Mondal · Thank you for reaching out.

    Password expiration policy configured in Azure AD applies to cloud only users by default. It is possible that the policy you have configured is not getting applied to synced user accounts. If you want to apply same policy to synced users as well, you need to run below cmd:

    1. Install-Module MSOnline - To install the required module.
    2. Connect-MsolService - Sign in with Global Admin account of your tenant.
    3. Set-MsolDirSyncFeature -Feature EnforceCloudPasswordPolicyForPasswordSyncedUsers -Enable $true - To enforce password policies configured in Azure on synced user accounts as well.

    Kindly go through your previous post as well and If the answer helped, please contribute back to community by accepting the answer.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.