Password reset capabilities for synced on-prem users

Tomass Pētersons 336 Reputation points
2021-11-02T21:46:20.233+00:00

Hi!

Previously our organization had self-service password reset enabled for all users. Now we have this property disabled for everyone.

We left the on-premises integration feature "Write back passwords to your on-premises directory" set to "Yes", but then we found out that this still gave all synced on-premises users the capability to log in to the portal and change their password despite the fact that the self-service password reset property was disabled, so we changed it to "No". Now on-premises synced users are not able to change their password in the portal.

As we are planning to enable the self-service password reset feature to a few users that are synced from on-premises, we need to enable the write-back function as well. But that would again give all synced on-premises users the capability to change their password in the portal. How can we limit this?

Thanks!

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

Accepted answer
  1. Vasil Michev 94,911 Reputation points MVP
    2021-11-03T06:24:51.307+00:00

    SSPR is not the same thing as users changing their own password; it's password "reset" vs password "change". The latter cannot be restricted in Azure AD/O365.
