Azure AD B2C Custom Policy with force password reset after 90 days - can change to existing password

Sid Mohiddin 31 Reputation points
2024-02-28T11:08:32.8533333+00:00

I have successfully integrated the Azure AD B2C Custom Policy with force password reset after 90 days. All works well except for one thing. The user is presented with "New Password/Confirm Password" entry fields. The user is able to set the new password to be the same as their old password, and it succeeds.

Is it possible to update the 90-day sample such that the user is prompted for their old password and cannot change to their old password?

Microsoft Identity Manager