Enable Password writeback for Azure AD
Once again I have found that there is always someone to learn from, which is good news in my mind. That means I don’t need to work alone anymore.
Well, we have kept having this problem since we started using Office 365. All of our users are hosted on the local LDAP server and we use Azure AD Connector to sync them to Azure AD. So end users cannot successfully reset their password directly from Office 365, because the default Office 365 A5 license does not have the ability to write the latest password reset from the cloud back to the local LDAP server. We confirmed with Microsoft that we have to order an Azure AD Premium license, which is too expensive for a school to order.
However, we heard one of our friends discussing it in a WeChat group, mentioning that once you have one Microsoft 365 A5 license, you can enable the password writeback feature for your whole tenant. Well, we did order some Microsoft 365 A5 licenses to activate the ATP service to protect our data. Why not turn on the password writeback feature and try it? If it works, that means teachers are not required to log in to any third-party service to reset their password on the local LDAP server.
Let’s see how to do it now. First of all, make sure to assign a Microsoft 365 A5 license to your account so that you have the permission to change the setting. As my previous tutorial has shown how to do it, let’s skip this step.
Log in to Azure AD with your account that has the Microsoft 365 A5 license from the link below: https://azure.microsoft.com/en-us/services/active-directory/
Click into the “User” field.
Click into “Password Reset”.
Under “On-premises integration” switch the box “Write back passwords to your on premises directory” to Yes.
Then select the users who can apply for the password writeback permission under Properties, like the screenshot below. I personally suggest choosing All so everyone gets the permission to reset the password from Office 365 directly.
After that, the password writeback feature is enabled for your tenant. So let’s take a look at how end users reset their password at their end.
Sign in to Microsoft O365 and then click the person icon in the top right corner → My account.
Click Security & privacy on the left panel and then click Password.
Type in your old password for verification and then type in your new password and submit.
Tips:
Keep in mind new AISG passwords must meet at least three of these four criteria:
- min 8 characters in length
- include letters and numbers
- include at least one capital letter
- include at least one special character
Additionally, you cannot reuse a recent password.
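
The three-of-four rule in the tips can be checked before a password is submitted. The script below is an added example, not part of the original tutorial or any Microsoft tooling; the function name check_password and the exact character classes (for instance, what counts as a special character) are assumptions. The reuse rule needs the directory's password history, so it is not checked here.

```python
import string

# The four criteria from the tips above. How each one is tested is an
# assumption of this example (the page does not define "special character").
CRITERIA = {
    "min 8 characters": lambda p: len(p) >= 8,
    "letters and numbers": lambda p: any(c.isalpha() for c in p)
    and any(c.isdigit() for c in p),
    "capital letter": lambda p: any(c.isupper() for c in p),
    "special character": lambda p: any(c in string.punctuation for c in p),
}
REQUIRED = 3  # "at least three of these four"


def check_password(candidate):
    """Return (accepted, met, missing) for one candidate password."""
    met = [name for name, rule in CRITERIA.items() if rule(candidate)]
    missing = [name for name in CRITERIA if name not in met]
    return len(met) >= REQUIRED, met, missing


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    samples = ["summer", "Summer2024", "summer-2024!", "SUMMER!!", "Ab1!"]
    for sample in samples:
        ok, met, missing = check_password(sample)
        verdict = "accept" if ok else "reject"
        print(f"{sample!r}: {verdict}; missing: {missing}")
```

As the rule is worded, length is only one of the four criteria, so the constructed sample "Ab1!" passes with four characters. If the intent is that every password has at least 8 characters, treat the length check as mandatory and require the other criteria on top of it.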