password hash sync locked AD accounts

skip hofmann 46 Reputation points

Hello all

Thinking about moving from ADFS auth to password hash sync, however i would like to get an understanding how other companies are handling the below limitations of PHS ?

1.locked onprem not respected in Azure
2.password is expired not respected in Azure
3.restricted logon hours not respected in Azure
4.password is expired not respected in Azure

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
14,748 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Vasil Michev 71,216 Reputation points MVP

    Instead of PHS, enable PTA+SSO. Not only it will address all the above concerns, but will give your users a seamless SSO experience similar to AD FS.

    0 comments No comments

  2. skip hofmann 46 Reputation points

    I understand that, however i wanted to avoid all dependencies with onprem agents.

    0 comments No comments