Increase Azure AD password policy and On-premises AD password expiry policy of 90 days to 365 days

Scott Otta 20 Reputation points
2024-11-08T14:51:57.3133333+00:00

We have enabled the EnforceCloudPasswordPolicyForPasswordSyncedUsers feature and set almost all users' Azure policy to 'none', with the exception of a few accounts that are set to DisablePasswordExpiration. The default Azure AD password policy does match our On-premises AD password expiry policy of 90 days.

We would like to increase the policy for users to 1 year; do we simply update the two policies to match?
We have 5 domains; do we update the Azure AD password policy to match by using the Set-MsolPasswordPolicy PowerShell command, or will the GUI admin center be sufficient?
More importantly, will this have any impact on users such as requiring an immediate password change?
Thank you for taking the time to review.

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Microsoft Security | Active Directory Federation Services
Microsoft Security | Microsoft Entra | Microsoft Entra ID

Accepted answer
  1. Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator
    2024-11-08T15:53:17.56+00:00

    You can update each domain using:

    User's image

    https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-password-hash-synchronization#cloudpasswordpolicyforpasswordsyncedusersenabled

    It won't require an immediate password change, only when it's set to expire.

    P.S. I don't see the value in requiring a password expiration - esp. one that is 365 days, but I understand the business may require that for some reason :)
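
An added example, not part of the original thread: a PowerShell script that reports the password expiry currently set on each on-premises AD domain and each managed, verified cloud domain, and aligns them only when `-Apply` is passed. It uses the `Set-MsolPasswordPolicy` cmdlet named in the question; the `-Apply` switch, the 14-day notification window, and an already established `Connect-MsolService` session are assumptions.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory and MSOnline
# modules are installed and Connect-MsolService has already been run.
param(
    [int]$TargetDays = 365,   # expiry requested in the question
    [int]$NotifyDays = 14,    # assumed notification window, adjust as needed
    [switch]$Apply            # hypothetical switch: without it, report only
)

$report = @()

# On-premises: MaxPasswordAge on the default domain policy is a TimeSpan.
foreach ($d in (Get-ADForest).Domains) {
    $age = (Get-ADDefaultDomainPasswordPolicy -Identity $d).MaxPasswordAge
    $report += [pscustomobject]@{ Scope = 'AD'; Domain = $d; Days = [int]$age.TotalDays }
}

# Cloud: the policy is set per domain. Federated domains are skipped because
# their passwords are not validated in the cloud.
$cloudDomains = Get-MsolDomain -Status Verified |
    Where-Object { $_.Authentication -eq 'Managed' }
foreach ($d in $cloudDomains) {
    $p = Get-MsolPasswordPolicy -DomainName $d.Name
    # ValidityPeriod may be empty when the domain has never been given an
    # explicit value; an empty value is reported and treated as drift.
    $report += [pscustomobject]@{ Scope = 'Entra'; Domain = $d.Name; Days = $p.ValidityPeriod }
}

$report | Sort-Object Scope, Domain | Format-Table -AutoSize

$drift = @($report | Where-Object { $_.Days -ne $TargetDays })
if ($drift.Count -eq 0) { Write-Host "All domains are already at $TargetDays days."; return }
if (-not $Apply) { Write-Host "$($drift.Count) domain(s) differ; re-run with -Apply."; return }

foreach ($row in $drift) {
    if ($row.Scope -eq 'AD') {
        Set-ADDefaultDomainPasswordPolicy -Identity $row.Domain `
            -MaxPasswordAge (New-TimeSpan -Days $TargetDays)
    } else {
        Set-MsolPasswordPolicy -DomainName $row.Domain `
            -ValidityPeriod $TargetDays -NotificationDays $NotifyDays
    }
}
```

The script only covers the default domain policy on each side; fine-grained password policies (PSOs) and per-user settings such as DisablePasswordExpiration are not inspected.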

