This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 26%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EE%3C/text%3E%3C/svg%3E)
dears,
i implemented azure ad connect on my on premises and synced users to office365.
i already have on my DC a password policy.
and i want to enable SSPR from azure ad.
if i also created a password policy in azure ad that doesnt match with my on premises, what will happen when users change their password from azure AD?
because the policies are different. does the onpremises one take priority?
thanks
Elio
hi @Vasil Michev yeah i meant that this feature would be also enabled. so in this way the onpremises policy will take priority over azure ad?
Yes, if you have writeback enabled, only the on-premises policy matters.
The on-premises policy doesn't matter, only the cloud one. If you want the on-premises policy to be the effective one, you need to also enable the password writeback feature: https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback