882 questions
Azure AD B2C Custom Policy with force password reset after 90 days - can change to existing password
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 86%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Sid Mohiddin
31
Reputation points
I have successfully integrated the Azure AD B2C Custom Policy with force password reset after 90 days. All works well except for one thing. User is presented with "New Password/Confirm Password" entry fields. User is able to set the new password same as their old password and it succeeds.
Is it possible to update the 90day sample, such that the user is prompted for their old password and cannot change to their old password?
Microsoft Security | Microsoft Identity Manager
Sign in to answer