Set complex user passwords for specific group

Josh Perrin 1 Reputation point
2020-06-01T13:52:46.247+00:00

Hi There,

I am looking at how I can set more complex password requirements for Cloud only Azure AD users.

After reading this MSFT post here. I have been able to set apply the default password policy individually to a number of users. However I now need to apply more granular requirement (preferably to a group) to set the password expiry to 30 days instead of 90 and also extend the amount of character required.

In the guide is suggests to use "Set-MsolUser" cmdlet but I can’t find any reference syntax to apply and review.

We are running Windows 10 machines connected to Azure AD and managed by InTune.

Any pointers would be greatly appreciated.

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Vasil Michev 119.6K Reputation points MVP Volunteer Moderator
    2020-06-01T16:12:31.877+00:00

    Password policies are configured per domain, only the "password never expires" setting can be toggled on a per-user basis. Also, the only control we have over the password length is the "strong" password toggle, you cannot specify a custom length. If you must enforce such requirements, configure AD FS or PTA (in other words redirect the authentication process to on-premises or external system).

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.