I'm curious about how password expiration works in Entra ID. Specifically, what can users expect when their password expires? If they know their current password, can they just change it, or is Self-Service Password Reset (SSPR) necessary for the update? Looking for real-world experiences. Thanks in advance!
5 Answers
If you're strictly using Entra for logins, just know that we have ours linked to Active Directory. So, users can change their password using the Windows 'Change Your Password' option. It makes things a bit simpler!
Here's something interesting: Microsoft 365 no longer supports password expiration notifications. Users might not even realize their password has expired until it hits them at sign-in. If they're using just the Outlook app, it could take days for the system to prompt them to change it after expiration, which can lead to confusion.
It's worth asking why you're considering setting password expirations in Entra. A lot of folks think it's an outdated practice now.
Yeah, password expiration feels pretty old school. Are you sure you need to implement it?
From what I've seen, you will likely need SSPR to change an expired password. It's a good backup if they forget their password, which is a common scenario.

Exactly! I have a client on a 180-day expiration schedule, and they run into issues with users not getting notified. Switching to a PIN or Windows Hello often helps since they can log in without needing to reset their password immediately.
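Since the answers above note that users are not warned before expiry, here is an added example (not code from any poster in this thread) of a check an admin could run to list accounts whose password has expired or is about to. It assumes user records exported from Microsoft Graph with the `userPrincipalName`, `lastPasswordChangeDateTime` and `passwordPolicies` properties; the sample records, the 14-day warning window and the function names are constructed for illustration, and the 180-day validity is the schedule mentioned in the thread.

```python
from datetime import datetime, timedelta, timezone

NEVER_EXPIRES = 2147483647  # validity value that means "passwords never expire"

def parse_ts(value):
    # Graph timestamps are ISO 8601 in UTC, e.g. 2025-01-10T08:30:00Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def expiry_report(users, validity_days, warn_days, now):
    """Return (upn, status, days_left) for accounts needing attention, most urgent first."""
    if validity_days >= NEVER_EXPIRES:
        return []
    report = []
    for user in users:
        # Accounts flagged DisablePasswordExpiration are exempt from the policy
        if "DisablePasswordExpiration" in (user.get("passwordPolicies") or ""):
            continue
        changed = user.get("lastPasswordChangeDateTime")
        if not changed:
            report.append((user["userPrincipalName"], "unknown", None))
            continue
        expires = parse_ts(changed) + timedelta(days=validity_days)
        days_left = (expires - now).days  # negative once the password has expired
        if days_left < 0:
            report.append((user["userPrincipalName"], "expired", days_left))
        elif days_left <= warn_days:
            report.append((user["userPrincipalName"], "expiring", days_left))
    # Unknown change dates sort last; otherwise the most overdue account comes first
    return sorted(report, key=lambda r: (r[2] is None, r[2] or 0))

# Constructed sample records (not real accounts), shaped like Graph user objects
NOW = datetime(2025, 7, 1, tzinfo=timezone.utc)
SAMPLE_USERS = [
    {"userPrincipalName": "alice@example.com", "passwordPolicies": None,
     "lastPasswordChangeDateTime": "2024-12-20T09:00:00Z"},
    {"userPrincipalName": "bob@example.com", "passwordPolicies": "None",
     "lastPasswordChangeDateTime": "2025-01-10T08:30:00Z"},
    {"userPrincipalName": "carol@example.com", "passwordPolicies": None,
     "lastPasswordChangeDateTime": "2025-05-01T12:00:00Z"},
    {"userPrincipalName": "svc-backup@example.com",
     "passwordPolicies": "DisablePasswordExpiration",
     "lastPasswordChangeDateTime": "2023-02-01T00:00:00Z"},
    {"userPrincipalName": "dave@example.com", "passwordPolicies": None,
     "lastPasswordChangeDateTime": None},
]

if __name__ == "__main__":
    for upn, status, days_left in expiry_report(SAMPLE_USERS, 180, 14, NOW):
        print(f"{upn:24} {status:9} {days_left}")
```

The report can feed whatever reminder channel the tenant already uses, so users hear about the expiry before it blocks a sign-in.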