question

saha-3843 avatar image
0 Votes"
saha-3843 asked KyleXu-MSFT commented

How can user access outlook without change their password after 30 days.

I have an Azure AD hybrid model and user are sync from On-premises. I have a password expiration policy of 30 days in cloud. User have to change password after 30 days. But the concern is some User who have in specific OU in On-premises can access Outlook without changing password. I have checked Users Audit log from Azure AD but did not find any password changing log there.

I hope you understand the scenario. Did I miss something? FYI, I have also a on-premises password expiration policy of 30 days and user are not in domain Network. I really appreciate your help on it.

Thanks in advance!

office-exchange-hybrid-itproazure-ad-passwordless-authentication
· 5
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

KyleXu-MSFT avatar image KyleXu-MSFT ·

@saha-3843
I am writing here to confirm with you any update about this thread now.
If the suggestion below helps, please feel free to accept it as an answer to help more people.

0 Votes 0 ·
saha-3843 avatar image saha-3843 KyleXu-MSFT ·

@KyleXu-MSFT Thanks for sharing the article. But we still facing the problem after require configuration. we working on it.

0 Votes 0 ·
KyleXu-MSFT avatar image KyleXu-MSFT saha-3843 ·

For Outlook client, it won't be forced to reset their Microsoft 365 password until it expires in the cache. This can be several days after the actual expiration date. There's no workaround for this at the admin level

0 Votes 0 ·
Show more comments

1 Answer

KyleXu-MSFT avatar image
0 Votes"
KyleXu-MSFT answered

@saha-3843

Do you want to prevent users who have not changed their passwords from accessing Outlook? If so, I would suggest you let them try to log on OWA first, check whether password expiration policy applied on them.

If they don't need to change their password when logon OWA, it means this expiration policy hasn't applied to their mailboxes now.

If they need to change password from OWA, it means the expiration policy has applied on their mailboxes. But, for Outlook clients, there exists cache information, they may not get a reminder to change your password immediately. For more detailed information about it, you could have a look at this article.

190717-qa-kyle-09-49-23.png

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


qa-kyle-09-49-23.png (21.6 KiB)
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.