• Opcom Activate Password Execution Site
• Opcom Activate Password Executioner

-->

This article describes the password policies and complexity requirements associated with user accounts in your Azure Active Directory (Azure AD) tenant.

Op-com Help Needed - posted in VX220 Discussion: I have just bought a Op-com off flee bay trouble is i can't get it to work keeps asking for activation code which i cant find i tried registering it but it says chines illegal copy i have emailed the seller but know reply just wondered if anyone has any ideas. Scope of functionality: • Easy, intuitive handling provided by a graphic user interface. • Readout of measurement data and gradients, oil reference data. Password protected option to setup the sensor. The steps that must be executed for commissioning LubMon Config with an ARGO-HYTOS.

Administrator reset policy differences

Microsoft enforces a strong default two-gate password reset policy for any Azure administrator role this policy may be different from the one you have defined for your users and cannot be changed. You should always test password reset functionality as a user without any Azure administrator roles assigned.

With a two-gate policy, administrators don't have the ability to use security questions.

The two-gate policy requires two pieces of authentication data, such as an email address, authenticator app, or a phone number. A two-gate policy applies in the following circumstances:

• All the following Azure administrator roles are affected:

  • Helpdesk administrator
  • Service support administrator
  • Billing administrator
  • Partner Tier1 Support
  • Partner Tier2 Support
  • Exchange administrator
  • Skype for Business administrator
  • User administrator
  • Directory writers
  • Global administrator or company administrator
  • SharePoint administrator
  • Compliance administrator
  • Application administrator
  • Security administrator
  • Privileged role administrator
  • Intune administrator
  • Application proxy service administrator
  • Dynamics 365 administrator
  • Power BI service administrator
  • Authentication administrator
  • Privileged Authentication administrator

• If 30 days have elapsed in a trial subscription; or

• A vanity domain is present, such as contoso.com; or

• Azure AD Connect is synchronizing identities from your on-premises directory

Exceptions

A one-gate policy requires one piece of authentication data, such as an email address or phone number. A one-gate policy applies in the following circumstances:

• It's within the first 30 days of a trial subscription; or
• A vanity domain isn't present (*.onmicrosoft.com); and
• Azure AD Connect isn't synchronizing identities

UserPrincipalName policies that apply to all user accounts

Every user account that needs to sign in to Azure AD must have a unique user principal name (UPN) attribute value associated with their account. The following table outlines the policies that apply to both on-premises Active Directory user accounts that are synchronized to the cloud and to cloud-only user accounts:

Property	UserPrincipalName requirements
Characters allowed	A – Z a - z 0 – 9 ' . - _ ! # ^ ~
Characters not allowed	Any '@' character that's not separating the username from the domain. Can't contain a period character '.' immediately preceding the '@' symbol
Length constraints	The total length must not exceed 113 characters There can be up to 64 characters before the '@' symbol There can be up to 48 characters after the '@' symbol

Password policies that only apply to cloud user accounts

The following table describes the password policy settings applied to user accounts that are created and managed in Azure AD:

Property	Requirements
Characters allowed	A – Z a - z 0 – 9 @ # $ % ^ & * - _ ! + = [ ] { } : ‘ , . ? / ` ~ ' ( ) ; blank space
Characters not allowed	Unicode characters. Cannot contain a dot character '.' immediately preceding the '@' symbol”.
Password restrictions	A minimum of 8 characters and a maximum of 256 characters. Requires three out of four of the following: Lowercase characters. Uppercase characters. Numbers (0-9). Symbols (see the previous password restrictions).
Password expiry duration	Default value: 90 days. The value is configurable by using the Set-MsolPasswordPolicy cmdlet from the Azure Active Directory Module for Windows PowerShell.
Password expiry notification	Default value: 14 days (before password expires). The value is configurable by using the Set-MsolPasswordPolicy cmdlet.
Password expiry	Default value: false days (indicates that password expiry is enabled). The value can be configured for individual user accounts by using the Set-MsolUser cmdlet.
Password change history	The last password can't be used again when the user changes a password.
Password reset history	The last password can be used again when the user resets a forgotten password.
Account lockout	After 10 unsuccessful sign-in attempts with the wrong password, the user is locked out for one minute. Further incorrect sign-in attempts lock out the user for increasing durations of time. Smart lockout tracks the last three bad password hashes to avoid incrementing the lockout counter for the same password. If someone enters the same bad password multiple times, this behavior will not cause the account to lockout.

Set password expiration policies in Azure AD

A global administrator or user administrator for a Microsoft cloud service can use the Microsoft Azure AD Module for Windows PowerShell to set user passwords not to expire. You can also use Windows PowerShell cmdlets to remove the never-expires configuration or to see which user passwords are set to never expire.

This guidance applies to other providers, such as Intune and Office 365, which also rely on Azure AD for identity and directory services. Password expiration is the only part of the policy that can be changed.

Note

Only passwords for user accounts that are not synchronized through directory synchronization can be configured to not expire. For more information about directory synchronization, see Connect AD with Azure AD.

Opcom Activate Password Execution Site

Set or check the password policies by using PowerShell

To get started, you need to download and install the Azure AD PowerShell module. After you have it installed, you can use the following steps to configure each field.

Check the expiration policy for a password

Opcom Activate Password Executioner

1. Connect to Windows PowerShell by using your user administrator or company administrator credentials.

2. Execute one of the following commands:

   • To see if a single user’s password is set to never expire, run the following cmdlet by using the UPN (for example, aprilr@contoso.onmicrosoft.com) or the user ID of the user you want to check:
   • To see the Password never expires setting for all users, run the following cmdlet:

Set a password to expire

1. Connect to Windows PowerShell by using your user administrator or company administrator credentials.

2. Execute one of the following commands:

   • To set the password of one user so that the password expires, run the following cmdlet by using the UPN or the user ID of the user:
   • To set the passwords of all users in the organization so that they expire, use the following cmdlet:

Set a password to never expire

1. Connect to Windows PowerShell by using your user administrator or company administrator credentials.

2. Execute one of the following commands:

   • To set the password of one user to never expire, run the following cmdlet by using the UPN or the user ID of the user:
   • To set the passwords of all the users in an organization to never expire, run the following cmdlet:

   Warning

   Passwords set to -PasswordPolicies DisablePasswordExpiration still age based on the pwdLastSet attribute. If you set the user passwords to never expire and then 90+ days go by, the passwords expire. Based on the pwdLastSet attribute, if you change the expiration to -PasswordPolicies None, all passwords that have a pwdLastSet older than 90 days require the user to change them the next time they sign in. This change can affect a large number of users.

Next steps

The following articles provide additional information about password reset through Azure AD:

• Reset or change your password.
• Register for self-service password reset.