SSPR is not the same thing as users changing their own password; it's password "reset" vs. password "change". The latter cannot be restricted in Azure AD/O365.
Password reset capabilities for synced on-prem users
Hi!
Previously, our organization had self-service password reset enabled for all users. Now we have this property disabled for everyone.
We left the on-premises integration feature "Write back passwords to your on-premises directory" set to "Yes", but then we found out that this still gave all synced on-premise users the capability to log in to the portal and change their password despite the fact that the self-service password reset property was disabled, so we changed it to "No". Now on-premise synced users are not able to change their password in the portal.
As we are planning to enable the self-service password reset feature for a few users that are synced from on-premise, we need to enable the write-back function as well. But that would again give all synced on-premise users the capability to change their password in the portal. How can we limit this?
Thanks!