Set complex user passwords for specific group

Josh Perrin 1 Reputation point
2020-06-01T13:52:46.247+00:00

Hi There,

I am looking at how I can set more complex password requirements for Cloud only Azure AD users.

After reading this MSFT post here. I have been able to set apply the default password policy individually to a number of users. However I now need to apply more granular requirement (preferably to a group) to set the password expiry to 30 days instead of 90 and also extend the amount of character required.

In the guide is suggests to use "Set-MsolUser" cmdlet but I can’t find any reference syntax to apply and review.

We are running Windows 10 machines connected to Azure AD and managed by InTune.

Any pointers would be greatly appreciated.

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
12,676 questions
No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Vasil Michev 61,906 Reputation points Microsoft MVP
    2020-06-01T16:12:31.877+00:00

    Password policies are configured per domain, only the "password never expires" setting can be toggled on a per-user basis. Also, the only control we have over the password length is the "strong" password toggle, you cannot specify a custom length. If you must enforce such requirements, configure AD FS or PTA (in other words redirect the authentication process to on-premises or external system).

    No comments