Windows 10, Azure AD Join and Password Changes

So I have been testing around a bit with password changes on Windows 10 when my machine is joined to Azure AD. I have tested a few scenarios and would like to share my impressions. All scenarios are based on a cloud-only environment and do not have any connections to an on-premises AD.

Scenario 1: Admin wants to change the user's password and the user wants to log on to Windows 10 with his new password.

My first test was to go into manage.windowsazure.com and reset the user's password. This process creates only a temporary password and the user needs to change his password on next login. If you change the password this way, the user has to manually go into, for example, portal.office.com, where the user will be prompted to set a new password by giving the temporary password. The temporary password will not work for logging in to the Windows 10 machine, but the new password created after visiting portal.office.com will work.


My second test was to go into the Office 365 Admin portal to change the user's password. Now I have the option to not require the user to change the password on first logon and create a permanent password directly. You cannot define your own password in this view; the console will create a password for you. This works. And now the user can log on to the Windows 10 client with the new password directly. There doesn't seem to be a sync delay either; I tested the logon just 15-20 seconds after the password was changed in the portal.


Scenario 2: The user wants to change the password and then log on to Windows 10 with the new password.

My first test was to go into Settings – Accounts – Sign In Options, where I was presented with this view:

[Screenshot]

So of course I had to try to press Ctrl-Alt-Delete to change my password. But...

[Screenshot]

No option to change password locally on the client. So what now?

My second test on this scenario was to go to the https://myapps.microsoft.com portal to try to change the password there. (Sorry about the Norwegian in the screenshot.)

[Screenshot]

So I changed my password in the myapps portal. I restarted my computer and was able to log directly into Windows 10 with my new self-defined password.

0 thoughts on “Windows 10, Azure AD Join and Password Changes”

  1. Did you join the device to a domain using Azure AD Domain Services? I have joined my Win 10 device via Azure AD join but I can’t get the password to synchronize between Azure AD (premium) and my device. I always have to log in with the old password.
    At least I know I’m not the only one looking for the password change option from ctrl+alt+del …

  2. Not Azure AD Domain Services, but AAD Join, adding the device into Azure AD. I have premium too and this has been working for me like I described in this post. Reboot and log on with new password.

    • I have tried … several times. I also have trouble as well signing in with PIN/Hello which I am sure are related issues. Are they both working for you? What’s strange is I am able to auto-logon to office 365 and azure… I have a ticket opened with Microsoft support

      • I have a Surface Pro 4, and I am able to use Hello without any issues. Latest non-insider build. I also had no issues setting up and using Work-Pin before I configured Hello.

        • I was finally able to figure it out. My firewall was blocking ICMP traffic (default setting) so it was authenticating in “offline” mode. Now everything works – current Azure AD password, PIN & Hello

  3. Hello, I have a problem with setting passwords AzureAD.
    I would like to expired password by using Office 365, which I log on to the computer appeared this information when you log on to Windows 10, as is the case with local accounts and enforce the new password. Is it possible to configure it so that a password was changed on the Windows login window and not on the website of Office 365? I also have a question how to manage Group Policy AzureAD?
    Regards

    • I am not sure I understand your question, but as of today it is not possible to change your Azure AD password within Windows 10. You will need to change it through the Web portal. There are no real Group Policies in Azure AD. Settings are to be managed in Intune for Azure Domain Joined devices.

  4. Hello, my English is terrible. I asked whether it can change the password expires when the logon screen in Windows 10. I understand that in such a situation to communicate the need for the user to change the password, you can create a script that will run every month with a message about changing the password, which will redirect on the corresponding website? Can you cope with this problem in a different way? Is there any information or password reset functionality will appear in the future in the login window Windows 10?
    I also have a second question about Intune. Do you have Windows 10, which is the standard MDM install Intune? I think this is impossible. Is it possible to remove the device from MDM?

  5. As of now I have not found a way to change password or tell users about expiring password within Windows 10 Azure AD Domain Joined devices. I have no information or insight into Microsoft Roadmaps around this or any other area.
    About Intune – When I join my device to Azure AD it will automatically enroll in Intune. That is because I have set up Azure AD to do so. If you set up in Azure AD that Intune should manage your enrolled devices, you cannot remove Intune without also unjoining Azure AD.

    • Thank you for your quick response and an indication of what is possible to do and what not. I lost a lot of time to find out and I was looking for different solutions. Worst of contacting support MS was not told that at the present moment this is not possible. In this situation, probably the best idea to do the tasks in the schedule, which will display the message and guided to the website.
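
The cached ("offline") sign-in that one commenter above traced to a firewall can be checked on the device itself. The following PowerShell is an added example, not part of the original post or its comments: it parses `dsregcmd /status` text and reports whether the Primary Refresh Token (PRT) was refreshed recently. The sample output is constructed, and the function names and the 8-hour staleness threshold are assumptions.

```powershell
# Constructed sample; on a real device use: $text = dsregcmd /status | Out-String
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+
             AzureAdJoined : YES
              DomainJoined : NO
+----------------------------------------------------------------------+
| SSO State                                                            |
+----------------------------------------------------------------------+
                AzureAdPrt : YES
      AzureAdPrtUpdateTime : 2024-05-01 08:15:26.000 UTC
'@

function Get-DsregField {            # hypothetical helper name
    param([string]$Text)
    $fields = @{}
    foreach ($line in $Text -split "`r?`n") {
        # Field lines look like "   Name : Value"; banner lines start with + or |.
        if ($line -match '^\s*(\w+)\s+:\s+(.*\S)\s*$') { $fields[$Matches[1]] = $Matches[2] }
    }
    $fields
}

function Test-AadSignInFreshness {   # hypothetical helper name
    param([string]$Text, [datetime]$Now = [datetime]::UtcNow, [int]$MaxAgeHours = 8)
    $f = Get-DsregField -Text $Text
    if ($f['AzureAdJoined'] -ne 'YES') { return 'Device is not Azure AD joined' }
    if ($f['AzureAdPrt'] -ne 'YES')    { return 'No PRT: sign-ins are not reaching Azure AD' }
    $stamp = [datetime]::MinValue
    $style = [Globalization.DateTimeStyles]'AssumeUniversal, AdjustToUniversal'
    $ok = [datetime]::TryParseExact($f['AzureAdPrtUpdateTime'], "yyyy-MM-dd HH:mm:ss.fff 'UTC'",
              [Globalization.CultureInfo]::InvariantCulture, $style, [ref]$stamp)
    # Older builds may omit or format this field differently; report that instead of guessing.
    if (-not $ok) { return 'PRT present, but its update time could not be parsed on this build' }
    $age = [math]::Round(($Now - $stamp).TotalHours, 1)
    if ($age -gt $MaxAgeHours) { return "PRT last refreshed $age h ago: likely cached (offline) logon" }
    "PRT refreshed $age h ago: device is authenticating online"
}

# Evaluate the constructed sample as if it were read two days after the last refresh.
Test-AadSignInFreshness -Text $sample -Now ([datetime]'2024-05-03T08:15:26Z').ToUniversalTime()
```

A stale or missing PRT after a password change in the portal means the device is still validating the old password against its local cache, which matches the symptom described in the first comment.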
