Update concept-sspr-policy.md #1599
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We have tested few scenarios where the user that is created in the cloud with no on-prem footprint can always reset their password using their old password. No matter where they reset they can re-use the same password over and over even after expiration. This is because Entra ID does not store user's password, therefore when a user tries to reset their password and use their immediate old password, they are still able to reset. The table in this document indicates that it shouldn't be possible and customers are opening support cases on. But this only applies when the user is synced from on-prem and tries to do password writeback. password change history The last password can't be used again when the user changes a password. Password reset history The last password can be used again when the user resets a forgotten password.
|
@OusmaneDi : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change. |
prmerger-automator
bot
added
authentication/subsvc
Change sent to author
entra-id/svc
labels
|
Learn Build status updates of commit ba24bab: ✅ Validation status: passed
For more details, please refer to the build report. For any questions, please:
|
| @@ -50,6 +50,7 @@ The following Microsoft Entra password policy options are defined. Unless noted, | |||
| | Password expiry (Let passwords never expire) |Default value: **false** (indicates that passwords have an expiration date).<br>The value can be configured for individual user accounts by using the [Update-MgUser](/powershell/module/microsoft.graph.users/update-mguser) cmdlet. | | |||
| | Password change history | The last password *can't* be used again when the user changes a password. | | |||
| | Password reset history | The last password *can* be used again when the user resets a forgotten password. | | |||
| **Important:** The password change history in the above table applies to passwrd writeback. For users in the cloud only, reset password or Entra ID does not have the user's old password and as such cannot check for the same and prevent password reuse. | |||
There was a problem hiding this comment.
Suggested change
| **Important:** The password change history in the above table applies to passwrd writeback. For users in the cloud only, reset password or Entra ID does not have the user's old password and as such cannot check for the same and prevent password reuse. | |
| > [!IMPORTANT] | |
| > The password change history applies to password writeback. For users in the cloud only, reset password for Entra ID doesn't have the user's old password and can't check for or prevent password reuse. |
|
@Justinha - Can you review the proposed changes? IMPORTANT: When the changes are ready for publication, adding a #label:"aq-pr-triaged" |
|
@Justinha Could you review this proposed update to your article and enter Thanks! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We have tested few scenarios where the user that is created in the cloud with no on-prem footprint can always reset their password using their old password. No matter where they reset they can re-use the same password over and over even after expiration.
This is because Entra ID does not store user's password, therefore when a user tries to reset their password and use their immediate old password, they are still able to reset.
The table in this document indicates that it shouldn't be possible and customers are opening support cases on. But this only applies when the user is synced from on-prem and tries to do password writeback.
password change history The last password can't be used again when the user changes a password. Password reset history The last password can be used again when the user resets a forgotten password.