I've tried the "force password reset on user logon" custom policies, and they work fine. We're passing the following Graph API parameter when creating the user account: "passwordPolicies": "DisablePasswordExpiration"

For the SSPR feature, may I know the default password policy, please?

https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy explains that the default password expiry duration is 90 days. I'm using B2C custom policies; is this SSPR default of 90 days not applicable to B2C local accounts? Are the SSPR policies for standard AD users and B2C tenant users different? Could someone please clarify this?

Password expiry duration (Maximum password age) Default value: 90 days. The value is configurable by using the Set-MsolPasswordPolicy cmdlet from the Azure Active Directory Module for Windows PowerShell.

Thanks.

Karikalan

1 Answer

• Yes, the SSPR policies for Azure AD and Azure AD B2C tenants are different from each other, because Azure AD is specifically meant for managing an organization’s internal environment, i.e., its users and applications for internal organizational purposes, while Azure AD B2C is meant for hosting client-facing applications and web apps and customizing them accordingly, including authentication and other features.

• Also, as you can customize the password reset policy in Azure AD B2C, only the password complexity is defined as a default, while there is no mention of password expiration as a default value in the Azure AD B2C custom default values. You can find the example below for your reference. It is a building block example of password complexity in an Azure AD B2C custom policy, which is considered the default.

```xml
<!--
<BuildingBlocks>-->
  <Predicates>
    <!-- Overall length check -->
    <Predicate Id="LengthRange" Method="IsLengthRange">
      <UserHelpText>The password must be between 6 and 64 characters.</UserHelpText>
      <Parameters>
        <Parameter Id="Minimum">6</Parameter>
        <Parameter Id="Maximum">64</Parameter>
      </Parameters>
    </Predicate>
    <!-- Character class checks -->
    <Predicate Id="Lowercase" Method="IncludesCharacters">
      <UserHelpText>a lowercase letter</UserHelpText>
      <Parameters>
        <Parameter Id="CharacterSet">a-z</Parameter>
      </Parameters>
    </Predicate>
    <Predicate Id="Uppercase" Method="IncludesCharacters">
      <UserHelpText>an uppercase letter</UserHelpText>
      <Parameters>
        <Parameter Id="CharacterSet">A-Z</Parameter>
      </Parameters>
    </Predicate>
    <Predicate Id="Number" Method="IncludesCharacters">
      <UserHelpText>a digit</UserHelpText>
      <Parameters>
        <Parameter Id="CharacterSet">0-9</Parameter>
      </Parameters>
    </Predicate>
    <Predicate Id="Symbol" Method="IncludesCharacters">
      <UserHelpText>a symbol</UserHelpText>
      <Parameters>
        <Parameter Id="CharacterSet">@#$%^&amp;*\-_+=[]{}|\\:',.?/`~"();!</Parameter>
      </Parameters>
    </Predicate>
  </Predicates>
<!--
</BuildingBlocks>-->
```

Thus, you can design your own SSPR user flow in Azure AD B2C using a custom policy and the user flow that will be defined. Please find the links below for more information:

https://learn.microsoft.com/en-us/azure/active-directory-b2c/add-password-reset-policy?pivots=b2c-custom-policy#password-reset-policy-legacy

https://learn.microsoft.com/en-us/azure/active-directory-b2c/aad-sspr-technical-profile

Kartik Bhiwapurkar
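
An added example (not part of the original answer, and not Microsoft's implementation): a small Python evaluator that parses the predicates shown in the answer and reports which of them a candidate password satisfies. It assumes `CharacterSet` uses `x-y` ranges and backslash escapes; `expand_charset` and `evaluate` are hypothetical helper names, and how B2C groups predicates into a validation is not modelled.

```python
import xml.etree.ElementTree as ET

# Predicates from the answer above (UserHelpText omitted), embedded to run offline.
PREDICATES_XML = r"""<Predicates>
<Predicate Id="LengthRange" Method="IsLengthRange"><Parameters>
  <Parameter Id="Minimum">6</Parameter><Parameter Id="Maximum">64</Parameter>
</Parameters></Predicate>
<Predicate Id="Lowercase" Method="IncludesCharacters"><Parameters>
  <Parameter Id="CharacterSet">a-z</Parameter></Parameters></Predicate>
<Predicate Id="Uppercase" Method="IncludesCharacters"><Parameters>
  <Parameter Id="CharacterSet">A-Z</Parameter></Parameters></Predicate>
<Predicate Id="Number" Method="IncludesCharacters"><Parameters>
  <Parameter Id="CharacterSet">0-9</Parameter></Parameters></Predicate>
<Predicate Id="Symbol" Method="IncludesCharacters"><Parameters>
  <Parameter Id="CharacterSet">@#$%^&amp;*\-_+=[]{}|\\:',.?/`~"();!</Parameter></Parameters></Predicate>
</Predicates>"""


def expand_charset(spec):
    # Assumed semantics: "x-y" is a range and "\c" is the literal character c.
    chars, i = set(), 0
    while i < len(spec):
        if spec[i] == "\\" and i + 1 < len(spec):
            chars.add(spec[i + 1])          # escaped literal, e.g. \- or \\
            i += 2
        elif i + 2 < len(spec) and spec[i + 1] == "-":
            chars.update(map(chr, range(ord(spec[i]), ord(spec[i + 2]) + 1)))
            i += 3
        else:
            chars.add(spec[i])
            i += 1
    return chars


def evaluate(password, xml_text=PREDICATES_XML):
    # Returns {predicate Id: True/False}, one entry per <Predicate>.
    results = {}
    for pred in ET.fromstring(xml_text).iter("Predicate"):
        # strip() drops layout whitespace around parameter values
        params = {p.get("Id"): (p.text or "").strip() for p in pred.iter("Parameter")}
        if pred.get("Method") == "IsLengthRange":
            ok = int(params["Minimum"]) <= len(password) <= int(params["Maximum"])
        elif pred.get("Method") == "IncludesCharacters":
            ok = bool(expand_charset(params["CharacterSet"]) & set(password))
        else:
            raise ValueError("unhandled method: " + str(pred.get("Method")))
        results[pred.get("Id")] = ok
    return results
```

Calling `evaluate("Passw0rd")` on this constructed sample returns a dictionary keyed by predicate `Id`, which makes it easy to see that only the `Symbol` predicate fails.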