question

1 Vote
kayceec asked RaviBowman-2353 published

Users Password expiry notification from Azure

Hi,

Please, is it possible to configure users to get password expiry notifications?

We have Azure AD Connect configured but would like users to get notifications for password expiry.

azure-ad-user-management azure-notification-hubs

1 Vote
amanpreetsingh-msft answered amitmne commented

Hello @kayceec

Since you have Azure AD Connect configured to sync the user accounts, and if you have configured Password Sync as well, you would first need to enforce the cloud password policy for password-synced users by using the cmdlets below:

  • Run Connect-MsolService and log in with a Global Admin account.

  • Run Set-MsolDirSyncFeature -Feature EnforceCloudPasswordPolicyForPasswordSyncedUsers -Enable $true to enforce the cloud password policy for password-synced users.

Set the password validity period and notification days by using the cmdlet below:

  • Set-MsolPasswordPolicy -ValidityPeriod 60 -NotificationDays 14

This command updates the tenant so that all users' passwords expire after 60 days. The users receive a notification 14 days prior to that expiry.


Please do "Accept the answer" wherever the information provided helps you. This will help others in the community as well.


Hello @kayceec, I just wanted to follow up to see if the above response helped. Please don't forget to accept helpful replies as the answer. Feel free to tag me in your reply if you have any questions.

0 Votes 0 ·

Hello @kayceec, have you had a chance to go through this answer?

0 Votes 0 ·

Hi Amanpreet,

As you suggested this configuration, will the user get the password notification via email?

0 Votes 0 ·
0 Votes
DyeLarry-2374 answered

The suggested method of enforcing the cloud password policy is not an acceptable answer for hybrid environments using PHS, since the on-prem password policy is what will most likely be desired, especially if you have fine-grained password policies set. That means that, despite years of us asking for this to be addressed, the only solution to date for hybrid organizations is to implement either a custom script/scheduled task or a third-party tool to fill this gap in MS Azure functionality.


0 Votes
AnkurVeee answered

Also, there may be multiple service accounts present, and enabling password expiry will expire the passwords for those service accounts as well, which will break the applications or whatever the service accounts are being used for.

Is there a way to trigger the email notification to ONLY MEMBER ACCOUNTS WHICH HAVE AN EMPLOYEE ID in their Azure AD profile?


0 Votes
DavidBycraftADM-5066 answered

I couldn't agree more with AnkurVeee and DyeLarry-2374. What is required is a group-based notification for users whose pw's are due to expire, so pw is read from AD via AD Connect and if the pwlastset attribute is < X days, send an email, potentially allowing multiple emails to be sent, i.e. 14 days, 7 days, 1 day.
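
A sketch of the custom scheduled-task approach raised in the answers above, as an added example that is not part of any post in this thread: it reads the on-premises expiry time that AD computes per user (`msDS-UserPasswordExpiryTimeComputed`, which reflects fine-grained password policies), skips accounts without an employee ID, and returns who is due a reminder at 14, 7 or 1 days. The function names, sample users, mail addresses and SMTP host are assumptions made for illustration.

```powershell
# Added example; names, sample users and mail settings are illustrative assumptions.
function Get-ExpiryReminder {
    param(
        [Parameter(Mandatory)] [object[]] $User,     # objects shaped like Get-ADUser output
        [int[]]    $ReminderDays = @(14, 7, 1),
        [datetime] $Today = (Get-Date)
    )
    foreach ($u in $User) {
        # Treat "no employeeID" as a service account and leave it alone.
        if ([string]::IsNullOrWhiteSpace($u.employeeID)) { continue }
        if (-not $u.Enabled -or $u.PasswordNeverExpires -or -not $u.mail) { continue }

        $raw = [int64]$u.'msDS-UserPasswordExpiryTimeComputed'
        # 0 = must change at next logon; Int64.MaxValue = password never expires.
        if ($raw -le 0 -or $raw -eq [int64]::MaxValue) { continue }

        $expires  = [datetime]::FromFileTime($raw)
        $daysLeft = [int](($expires.Date - $Today.Date).TotalDays)
        if ($ReminderDays -contains $daysLeft) {
            [pscustomobject]@{ Mail = $u.mail; Expires = $expires; DaysLeft = $daysLeft }
        }
    }
}

# Constructed sample input so the logic can be exercised without a domain controller.
$today = Get-Date '2021-06-01'
function New-SampleUser($Name, $EmployeeId, $ExpiryFileTime) {
    [pscustomobject]@{
        SamAccountName = $Name; employeeID = $EmployeeId; mail = "$Name@example.com"
        Enabled = $true; PasswordNeverExpires = $false
        'msDS-UserPasswordExpiryTimeComputed' = $ExpiryFileTime
    }
}
$sample = @(
    New-SampleUser 'alice'   '1001' ($today.AddDays(7).AddHours(9).ToFileTime())   # expires in 7 days
    New-SampleUser 'bob'     '1002' ($today.AddDays(30).ToFileTime())              # expires in 30 days
    New-SampleUser 'svc-app' $null  ($today.AddDays(7).ToFileTime())               # no employeeID
    New-SampleUser 'carol'   '1003' ([int64]::MaxValue)                            # never expires
)
Get-ExpiryReminder -User $sample -Today $today

# Live use on a host with the ActiveDirectory module (mail values are placeholders):
# $users = Get-ADUser -Filter * -Properties employeeID, mail, PasswordNeverExpires, 'msDS-UserPasswordExpiryTimeComputed'
# Get-ExpiryReminder -User $users | ForEach-Object {
#     Send-MailMessage -To $_.Mail -From 'it@example.com' -SmtpServer 'smtp.example.com' -Subject "Password expires in $($_.DaysLeft) days" }
```

Run once a day from a scheduled task, this sends each person at most one reminder per threshold and leaves the tenant-wide cloud password policy untouched.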


3 Votes
RaviBowman-2353 answered RaviBowman-2353 published

This is 2021, we have been dealing with inefficient or non-existent password expiration notifications for too long. Someone needs to correct this basic core feature...
