A way to be forced to change the PC login password from Azure AD console

bil1ej 21 Reputation points
2022-01-25T06:37:52.8+00:00

Hi
I am an administrator of Azure AD and am currently working on joining local PCs to Azure AD.

I thought that when a user first logs in to a PC, the password would be forced to change by "Require this user to change their password when they first sign in" in the Azure AD console, the same as in the case of local AD, but no password change is forced and the user can only change the password at will.
It was unexpected.

I don't understand why the end user's password change was ordered by Azure AD but the command is not executed on the local PC.

If you know how to use Azure AD to force end users to change their passwords, please let me know.

Thanks,


Accepted answer
  1. James Hamil 21,621 Reputation points Microsoft Employee
    2022-01-26T22:23:06.307+00:00

    Hi @bil1ej , I double checked some things and should have a working answer for you.

    You need to have a separate "force password change at next logon" on the local AD, and also have password writeback enabled. This needs to be enforced at the local level. Azure AD requiring users to change their passwords during next login is only applied to users accessing Microsoft sites/products (i.e. myapps, Azure Portal, logging-in through SSO, using the login.microsoft.com URL, etc.).

    If you're using AD Connect, PHS would work too.

    Please let me know if you have any other questions and I can help you further.

    If this answer helped you please mark it as "Verified" so other users may reference it.

    Thank you,
    James

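As an added example (not part of the question or of either answer), here is the on-premises side of what the accepted answer describes, in PowerShell: set "User must change password at next logon" on the local AD account, confirm the flag, and check that Azure AD Connect is allowed to carry that flag to the cloud when password hash synchronization (PHS) is in use. It assumes the ActiveDirectory module on a domain-joined admin host and the ADSync module on the Azure AD Connect server; `jdoe` is a constructed sample account. Password writeback itself is enabled in the Azure AD Connect wizard under optional features and is not configured by this script.

```powershell
# Added example, not code from the question or the answers.
# Assumes: ActiveDirectory module (RSAT) on a domain-joined admin host,
# ADSync module on the Azure AD Connect server. 'jdoe' is a constructed sample user.
Import-Module ActiveDirectory

$sam = 'jdoe'   # constructed sample sAMAccountName

# 1. Set the on-prem "User must change password at next logon" flag.
#    This writes pwdLastSet = 0 on the account; the local PC enforces it at sign-in,
#    which is the piece the cloud-side setting alone does not reach.
Set-ADUser -Identity $sam -ChangePasswordAtLogon $true

# 2. Verify the flag took effect. pwdLastSet stays 0 until the user changes the password.
$u = Get-ADUser -Identity $sam -Properties pwdLastSet, PasswordExpired
if ($u.pwdLastSet -ne 0) { throw "Change-at-next-logon flag was not set on $sam" }
Write-Host "$sam must change password at next logon (pwdLastSet=$($u.pwdLastSet))"

# 3. On the Azure AD Connect server: confirm PHS is on and that the
#    "force change at next logon" flag is permitted to sync to Azure AD.
#    Without ForcePasswordChangeOnLogOn the flag remains on-prem only.
Import-Module ADSync
$feat = Get-ADSyncAADCompanyFeature
$feat | Select-Object PasswordHashSync, ForcePasswordChangeOnLogOn | Format-List
if (-not $feat.PasswordHashSync) {
    Write-Warning 'PHS is disabled; enable it in the Azure AD Connect wizard before relying on this flow.'
}
if (-not $feat.ForcePasswordChangeOnLogOn) {
    Set-ADSyncAADCompanyFeature -ForcePasswordChangeOnLogOn $true
}

# 4. Push the change now instead of waiting for the scheduled delta sync.
Start-ADSyncSyncCycle -PolicyType Delta
```

Run step 1 and 2 on any host with RSAT against the domain, and steps 3 and 4 on the Azure AD Connect server. The point the answer makes is visible here: the Windows sign-in honours the on-prem `pwdLastSet = 0` flag, while the console setting only applies to Microsoft sign-in pages, so the enforcement has to originate in local AD and be synchronized outward.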

1 additional answer

  1. James Hamil 21,621 Reputation points Microsoft Employee
    2022-01-26T00:05:21.2+00:00

    Hi @bil1ej , if I understand you correctly, you're using joined devices to link local PCs to AAD? I don't believe you can force a local PC password to change using joined devices alone. Are you using anything else on these PCs, such as Hello for Business or VMs? I think what you're looking for is something on the Windows level, not AAD. Please let me know if this helps.

    Best,
    James