Hi all,
We have a requirement to sync our local ad password policy to azure ad so if the local pass policy has pass expiration date 60 days we want to match that with azure so that all cloud pass also expire at the same time. We are using password hash sync.
I am aware of the feature called EnforceCloudPasswordPolicyForPasswordSyncedUsers
My question is: If we enable this and if we match local pass policy with azure ad (If I change azure ad policy to 60 days), what will happen when user change his password locally? Will that sync and reset the timer of the cloud account or it will ask user to change cloud pass as well before 60 days?
Second questions is: Do we need to implement SSPR when we activate this feature or it works without?
Goal is to change pass locally and to update pass and reset the timer on the azure ad account.