Disable Strong Password Requirement in Office 365

Office 365 (Azure Active Directory) is fairly strict with its password policy and complexity requirements. It is important to understand how this works when an on-premises environment and Office 365 need to be integrated for directory and password synchronization.

Personally, I recommend that the on-premises password policy and complexity settings match what is required for Azure AD. But this is not necessary (especially with a hybrid deployment).

It is important to note that when password synchronization is enabled via the directory synchronization tool … “the password complexity policies configured in the on-premises Active Directory override any complexity policies that may be defined in the cloud for synchronized users. This means any password that is valid in the customer’s on-premises Active Directory environment can be used for accessing Azure AD services.” (Implement Password Synchronization)

However, there might be other scenarios in which users just can’t handle or don’t understand complex (strong) passwords. In virtually every other scenario (non-hybrid), the password complexity policies apply. Nevertheless, should the need arise, the strong password requirement can be disabled.

 

Disable Strong Password Requirement

Connect to Office 365 via the Azure AD Module for PowerShell

Check the strong password setting for all users with this command (without -All, Get-MsolUser returns only the first 500 results by default)…

Get-MsolUser -All | ft -auto UserPrincipalName,StrongPasswordRequired

By default, for each user displayed, the value of the StrongPasswordRequired parameter should be “True”. The only exceptions are shared and resource mailboxes, since these types of mailboxes do not require their own credentials. For those, the StrongPasswordRequired parameter should be “<blank>”.

 

To disable the setting for an individual user in O365, use this command…

Set-MsolUser -UserPrincipalName "USER_PRINCIPAL_NAME" -StrongPasswordRequired $false

Running this command sets the StrongPasswordRequired parameter to “False”.

 

To disable the setting for all O365 users, use this command (-All is needed so that tenants with more than 500 users are fully covered)…

Get-MsolUser -All | Set-MsolUser -StrongPasswordRequired $false

 

NOTE: The StrongPasswordRequired parameter can be set on shared and resource mailboxes; however, once it is set, it cannot be returned to the original value of “<blank>”.
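
Because a bulk change cannot be undone for accounts whose value is “<blank>”, it helps to record the current state of every account first and to leave the blank ones alone. The script below is an added example, not part of the original post: the function name Get-StrongPasswordState and the sample UPNs are hypothetical, and it assumes the “<blank>” value surfaces as $null on the objects returned by Get-MsolUser.

```powershell
# Added example: classify accounts by their StrongPasswordRequired state.
function Get-StrongPasswordState {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User
    )
    process {
        $value = $User.StrongPasswordRequired
        # Assumption: the "<blank>" shown for shared/resource mailboxes is $null.
        if ($null -eq $value) { $state = 'Blank' }
        elseif ($value)       { $state = 'Enforced' }
        else                  { $state = 'Disabled' }

        [pscustomobject]@{
            UserPrincipalName = $User.UserPrincipalName
            State             = $state
            # Blank accounts are excluded from bulk changes: once set,
            # the value cannot be returned to blank.
            SafeToChange      = ($state -ne 'Blank')
        }
    }
}

# Constructed sample objects standing in for Get-MsolUser output.
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example';     StrongPasswordRequired = $true  }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example';       StrongPasswordRequired = $false }
    [pscustomobject]@{ UserPrincipalName = 'boardroom@contoso.example'; StrongPasswordRequired = $null  }
)

$report = $sample | Get-StrongPasswordState
$report | Format-Table -AutoSize

# Accounts where the requirement has been switched off.
$report | Where-Object State -eq 'Disabled' | Select-Object -ExpandProperty UserPrincipalName

# Against a live tenant (after connecting with the Azure AD module):
#   $report = Get-MsolUser -All | Get-StrongPasswordState
#   $report | Export-Csv .\StrongPasswordState.csv -NoTypeInformation   # snapshot before any change
#   # Re-enable the requirement only where it was explicitly disabled:
#   $report | Where-Object State -eq 'Disabled' | ForEach-Object {
#       Set-MsolUser -UserPrincipalName $_.UserPrincipalName -StrongPasswordRequired $true
#   }
```

The exported CSV gives a record to restore from for accounts that were “True” or “False”; accounts reported as Blank should be left out of any bulk Set-MsolUser run.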

 
