Users Password expiry notification from Azure

Kingsley Chibundu 31 Reputation points
2020-08-03T21:29:44.58+00:00

Hi,

Please, is it possible to configure users to get password expiry notifications?

We have Azure AD Connect configured but would like users to get notifications for password expiry.


10 answers

  1. Ravi Bowman 26 Reputation points
    2021-09-16T13:33:07.677+00:00

    This is 2021, we have been dealing with inefficient or non-existent password expiration notifications for too long. Someone needs to correct this basic core feature...

    5 people found this answer helpful.

  2. AmanpreetSingh-MSFT 56,311 Reputation points
    2020-08-04T05:09:50.243+00:00

    Hello @Kingsley Chibundu

    Since you have Azure AD Connect configured to sync the user accounts, and if you have configured Password Sync as well, you would first need to enforce the cloud password policy for password-synced users by using the cmdlets below:

    • Run Connect-MsolService and log in with a Global Admin account.
    • Run Set-MsolDirSyncFeature -Feature EnforceCloudPasswordPolicyForPasswordSyncedUsers -Enable $true to enforce the cloud password policy for password-synced users.

    Set the password validity period and notification days by using the cmdlet below:

    • Set-MsolPasswordPolicy -ValidityPeriod 60 -NotificationDays 14

    This command updates the tenant so that all users' passwords expire after 60 days. The users receive notification 14 days prior to that expiry.

    4 people found this answer helpful.
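
The steps from the answer above combined into one script, as an added example that is not part of the original answer. It uses the same MSOnline cmdlets, reads both settings back, and lists enabled accounts whose password is already inside the notification window. The domain `contoso.example` and the parameter names are assumptions, and it presumes the MSOnline module is available in your environment.

```powershell
# Added example, not from the original thread.
# $Domain is a placeholder: replace it with a verified domain in your tenant.
param(
    [string]$Domain = 'contoso.example',
    [int]$ValidityPeriod = 60,
    [int]$NotificationDays = 14
)

Import-Module MSOnline -ErrorAction Stop
Connect-MsolService   # sign in with an account allowed to change tenant settings

# Step 1: enforce the cloud password policy for password-synced users,
# but only if the feature is not already enabled.
$featureName = 'EnforceCloudPasswordPolicyForPasswordSyncedUsers'
$feature = Get-MsolDirSyncFeatures -Feature $featureName
if (-not $feature.Enabled) {
    Set-MsolDirSyncFeature -Feature $featureName -Enable $true
}

# Step 2: set the validity period and the notification window for the domain.
Set-MsolPasswordPolicy -DomainName $Domain `
    -ValidityPeriod $ValidityPeriod -NotificationDays $NotificationDays

# Step 3: read both settings back so the change is verified, not assumed.
Get-MsolDirSyncFeatures -Feature $featureName
Get-MsolPasswordPolicy -DomainName $Domain

# Step 4: report enabled accounts that are already expired or inside the
# notification window. Accounts flagged PasswordNeverExpires are skipped;
# review that set separately, since it is where service accounts usually sit.
$cutoff = (Get-Date).AddDays(-($ValidityPeriod - $NotificationDays))
Get-MsolUser -All -EnabledFilter EnabledOnly |
    Where-Object {
        -not $_.PasswordNeverExpires -and
        $_.LastPasswordChangeTimestamp -and
        $_.LastPasswordChangeTimestamp -le $cutoff
    } |
    Select-Object UserPrincipalName, LastPasswordChangeTimestamp,
        @{ Name = 'ExpiresOn'
           Expression = { $_.LastPasswordChangeTimestamp.AddDays($ValidityPeriod) } } |
    Sort-Object ExpiresOn
```

Running Step 4 before Steps 1 and 2 shows who would be affected by a given validity period without changing any tenant setting.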

  3. AnkurVeee 16 Reputation points
    2021-08-16T15:58:26.227+00:00

    Also, there may be multiple service accounts present, and enabling password expiry will expire the passwords for those service accounts as well, which will break the applications or whatever the service account is being used for.

    Is there a way to trigger the email notification to ONLY MEMBER ACCOUNTS WHICH HAVE AN EMPLOYEE ID in their Azure AD profile?

    3 people found this answer helpful.

  4. Tony GA 31 Reputation points
    2022-05-02T14:56:56.21+00:00

    It is sad that Microsoft thinks they can call Azure AD an enterprise level solution when they can't include basic, critical features like password expiration notifications in the product set. These answers that side-step the actual issue, question, and desire of customers display a true lack of customer care.

    Just because some of your customers can use 3rd party solutions or devise work-arounds doesn't mean your product is providing the functionality that is needed, in fact it is not. Not everyone can utilize these outside solutions - especially not in GCC-High.

    There has to be a solution that is not single focused. Why shouldn't we be able to simply enable a password reminder every x days for all cloud-based/AAD-based accounts? Why wouldn't the system enable an option to send a notification x days prior to a pw expiration on all AAD-based accounts regardless of AD Connect status?

    3 people found this answer helpful.

  5. Dye, Larry 11 Reputation points
    2021-08-11T15:42:01.06+00:00

    The suggested method of enforcing the cloud password policy is not an acceptable answer for hybrid environments using PHS since the on prem password policy is what will most likely be desired; especially if you have fine grained password policies set. That means that despite years of us asking for this to be addressed the only solution to date for hybrid organizations is to either implement a custom script/scheduled task or a third party tool to fill this gap in MS Azure functionality.

    2 people found this answer helpful.