Can Azure AD help to sync user's password to Workstation on internet?

Swapnil Kishor Karode 0 Reputation points
2024-01-23T18:04:07.9+00:00

Can a corporate domain-joined workstation on the internet get a user's new password synced without connecting to the corporate VPN? Is there any setting that needs to be done on Azure AD for this to happen?

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

2 answers

  1. Sachith Lakmal 126 Reputation points
    2024-01-23T18:47:54.56+00:00

    Yes, a corporate domain-joined workstation on the internet can sync a user’s new password change without connecting to the corporate VPN. This can be achieved by using Azure AD Connect with Password Hash Synchronization (PHS).

    https://community.spiceworks.com/topic/2273071-azure-ad-sync-computer-password-sync

    https://learn.microsoft.com/en-us/answers/questions/663132/azure-file-share-using-azure-ad-ds-for-authenticat


  2. Sandeep G-MSFT 16,696 Reputation points Microsoft Employee
    2024-01-24T09:16:21.6366667+00:00

    @Swapnil Kishor Karode

    Thank you for posting this in Microsoft Q&A.

    When a user changes the password over the internet on a corporate domain-joined machine without VPN, the password first has to be changed on-premises.

    For the new password to be synced with Azure AD, the new password first has to be changed on-premises. AD Connect picks up the new password from on-premises and syncs it with Azure AD. Or you can ask the user to make use of the Microsoft Entra SSPR feature so that the user sets the password in Azure AD first via the internet and that new password is synced back to on-premises.

    Microsoft Entra self-service password reset (SSPR) gives users the ability to change or reset their password, with no administrator or help desk involvement. If Microsoft Entra ID locks a user's account or they forget their password, they can follow prompts to unblock themselves and get back to work. This ability reduces help desk calls and loss of productivity when a user can't sign in to their device or an application.

    https://learn.microsoft.com/en-us/entra/identity/authentication/tutorial-enable-sspr

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
