Set complex user passwords for specific group

Josh Perrin 1 Reputation point
2020-06-01T13:52:46.247+00:00

Hi There,

I am looking at how I can set more complex password requirements for Cloud only Azure AD users.

After reading this MSFT post here. I have been able to set apply the default password policy individually to a number of users. However I now need to apply more granular requirement (preferably to a group) to set the password expiry to 30 days instead of 90 and also extend the amount of character required.

In the guide is suggests to use "Set-MsolUser" cmdlet but I can’t find any reference syntax to apply and review.

We are running Windows 10 machines connected to Azure AD and managed by InTune.

Any pointers would be greatly appreciated.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,389 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vasil Michev 94,911 Reputation points MVP
    2020-06-01T16:12:31.877+00:00

    Password policies are configured per domain, only the "password never expires" setting can be toggled on a per-user basis. Also, the only control we have over the password length is the "strong" password toggle, you cannot specify a custom length. If you must enforce such requirements, configure AD FS or PTA (in other words redirect the authentication process to on-premises or external system).

    0 comments