Can Azure AD help to sync user's password to Workstation on internet?

Swapnil Kishor Karode 0 Reputation points
2024-01-23T18:04:07.9+00:00

Can a corporate domain joined workstation on the internet get user's new password change synced without connecting to corporate VPN? Is there any setting that need to be done on Azure AD for this to happen?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
18,714 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Sachith Lakmal 46 Reputation points
    2024-01-23T18:47:54.56+00:00

    Yes, a corporate domain-joined workstation on the internet can sync a user’s new password change without connecting to the corporate VPN. This can be achieved by using Azure AD Connect with Password Hash Synchronization (PHS). https://community.spiceworks.com/topic/2273071-azure-ad-sync-computer-password-sync https://learn.microsoft.com/en-us/answers/questions/663132/azure-file-share-using-azure-ad-ds-for-authenticat

    0 comments No comments

  2. Sandeep G-MSFT 13,496 Reputation points Microsoft Employee
    2024-01-24T09:16:21.6366667+00:00

    @Swapnil Kishor Karode

    Thank you for posting this in Microsoft Q&A.

    When a user changes the password on internet via corporate domain joined machine without VPN then first the password has to get changed in on-premises.

    For the new password to be synced with Azure AD, first the new password has to get changed in on-premises. AD connect picks up the new password from on-premises and sync it with Azure AD. Or you can ask user to make use of Microsoft Entra SSPR feature so that the user set's the password in Azure AD first via internet and that new password is synced back to on-premises.Microsoft Entra self-service password reset (SSPR) gives users the ability to change or reset their password, with no administrator or help desk involvement. If Microsoft Entra ID locks a user's account or they forget their password, they can follow prompts to unblock themselves and get back to work. This ability reduces help desk calls and loss of productivity when a user can't sign in to their device or an application.

    https://learn.microsoft.com/en-us/entra/identity/authentication/tutorial-enable-sspr

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments