
This might be a silly question, but when a user resets their password on Azure AD, how does it make sure the password is compliant with the on-premises Group Policy, which specifies the number of characters etc.? We have no AD controllers in Azure and will use Azure AD for all authentication.

Thanks and sorry if I'm being a bit dense.

Norrin Rad

1 Answer


When you synchronize your on premises AD to Azure AD, your on premises password policy becomes your Azure AD password policy. So any password change from the cloud must comply with your on premises password policy because the on premises password policy is your Azure AD password policy.

Note that if you are using password hash synchronization and unless you have password writeback enabled (which requires an Azure AD Premium subscription) the on premises password will overwrite the cloud password on the next password hash sync from the on premises directory.

joeqwerty
  • Thanks for clearing that up. Does this happen to all the domain GPOs or just certain policies that apply to Azure, in which case how do I know which ones? – Norrin Rad Jun 26 '19 at 07:45
  • By default there is only one password policy per AD domain and that is defined by default in the Default Domain GPO. This AD password policy becomes your Azure AD password policy when you sync your on premises AD to Azure AD. – joeqwerty Jun 26 '19 at 11:37