Azure AD Password Protection Audit Mode or Enforce Mode in Azure AD

SenhorDolas 1,326 Reputation points
2021-09-21T17:19:42.297+00:00

Hi
I have installed AZADPP on my on-prem DC and a member server (Proxy). We are hybrid.

All looks ok except when I read the FAQs...

1. Does this mean that AZADPP will only be in Audit mode when a user changes the password on-prem (via Windows control+Alt+Delete)?
2. We use a lot of Azure and Office365 services, will this mean that passwords changes via MyAcccount will be Enforced instead of just Audit mode?
3. If so what is the purpose of setting Audit?

Thanks, M

Microsoft Security | Microsoft Entra | Microsoft Entra ID
{count} votes

Accepted answer
  1. Siva-kumar-selvaraj 15,721 Reputation points
    2021-10-01T20:29:03.05+00:00

    Hello @SenhorDolas ,

    Thanks for reaching out.

    Yes, Audit mode is not supported when changing\setting passwords directly against Azure AD - Audit mode is only supported for on-premises AADPP.

    For an example: when a password is changed or set against on-premises Active Directory, the password is only evaluated locally and depends on mode it Deny or Audit password. If a password is changed or set against Azure AD, then default AAD is implicitly always in "enforce" mode when it evaluates passwords.

    Please let me know if you have any additional questions.

    ------
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.