eg1995-5273 asked eg1995-5273 answered

Azure AD SSPR

Dears,

I implemented Azure AD Connect on my on-premises environment and synced users to Office 365.
I already have a password policy on my DC,
and I want to enable SSPR from Azure AD.

If I also created a password policy in Azure AD that doesn't match my on-premises one, what will happen when users change their password from Azure AD?

Because the policies are different, does the on-premises one take priority?
Thanks,
Elio

azure-active-directory azure-ad-sspr

eg1995-5273 answered michev commented

Hi @michev, yeah, I meant that this feature would also be enabled. So in this way the on-premises policy will take priority over Azure AD?


Yes, if you have writeback enabled, only the on-premises policy matters.

michev answered

The on-premises policy doesn't matter, only the cloud one. If you want the on-premises policy to be the effective one, you need to also enable the password writeback feature: https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback
