1

Is there a way for local ADB2C users to receive password expiration notifications to their email?

We are planning to set the DisablePasswordExpiration flag to false, but it's not clear if users will be getting notified that their password is about to expire.

2 Answers

0

The only way I can think to do this is to run a script on all users to set extension_passwordResetOn claim to the current date and time as per this sample.

Then every time the user logs on, get the date. When it's got to (say) 80 days, call a REST API in the custom policy to send an email stating "Password will expire in 10 days".

rbrayb
  • What if they don't login for a while? – Marina Gurevich Feb 19 '22 at 01:20
  • You could have a script that runs every week that does that same thing. – rbrayb Feb 19 '22 at 01:26
  • Yes, I agree, should probably do that. We already have a background job in our app that sends password expiration reminders for users stored in the local db. Now we are moving them to B2C. I could probably leverage the same reminder job and query the extensions attribute with Graph API. I guess I can't get password expiration from the user password policy object? – Marina Gurevich Feb 19 '22 at 01:28
  • Anyways, I've got something to try and play with. Thanks. – Marina Gurevich Feb 19 '22 at 01:40
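The weekly reminder job discussed in this answer and its comments could be sketched as below. This is an added example, not code from the thread or from the linked sample. It assumes the user records have already been fetched from Graph, that the stamp is stored as an ISO 8601 string under a key ending in `_passwordResetOn`, and it uses an all-zero placeholder for the extensions app id; the 90-day window and 10-day notice are the figures quoted in the thread.

```python
from datetime import datetime, timezone

MAX_AGE_DAYS = 90   # expiry window quoted in the thread
NOTICE_DAYS = 10    # warn from day 80 onward, as in the answer
ATTR_SUFFIX = "_passwordResetOn"  # claim name from the answer

def reset_time(user):
    """Return the stamped reset time as an aware UTC datetime, or None."""
    for key, value in user.items():
        if key.startswith("extension_") and key.endswith(ATTR_SUFFIX) and value:
            ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
            # Treat a stamp without an offset as UTC (assumption).
            return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)
    return None

def classify(users, now):
    """Sort users into those to email, those already expired, and those
    never stamped (they need the one-off stamping script first)."""
    result = {"notify": [], "expired": [], "unstamped": []}
    for user in users:
        reset_on = reset_time(user)
        if reset_on is None:
            result["unstamped"].append(user["id"])
            continue
        days_left = MAX_AGE_DAYS - (now - reset_on).days
        if days_left <= 0:
            result["expired"].append(user["id"])
        elif days_left <= NOTICE_DAYS:
            result["notify"].append((user["id"], days_left))
    return result

# Constructed sample records; the app id in the key is a placeholder.
EXT = "extension_00000000000000000000000000000000_passwordResetOn"
SAMPLE_USERS = [
    {"id": "u-80-days", EXT: "2022-03-01T00:00:00Z"},
    {"id": "u-expired", EXT: "2022-01-01T00:00:00Z"},
    {"id": "u-fresh", EXT: "2022-05-01T00:00:00Z"},
    {"id": "u-never-stamped"},
]
NOW = datetime(2022, 5, 20, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(classify(SAMPLE_USERS, NOW))
```

Running the job off the stored stamp rather than off sign-in events covers users who have not logged in for a while, and the `unstamped` bucket shows which accounts the initial stamping script missed.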
-1

Yes, for Local Account users in an AzureAD B2C tenant we can set notification for expiring passwords by applying the password policy.

Note: This Password policy won't apply on External Users.

Steps to Set password expiration policy.

  1. In the Microsoft 365 admin center, go to the Security & privacy tab under Org Settings. If you aren't a global admin, you won't see the Security and privacy option.
  2. Select Password expiration policy.
  3. If you don't want users to have to change passwords, uncheck the box next to Set user passwords to expire after a number of days.
  4. Type how often passwords should expire. Choose a number of days from 14 to 730.
  5. In the second box type when users are notified that their password will expire, and then select Save. Choose a number of days from 1 to 30.


Reference from the MS document: please have a look at Set password expiration policy.

RahulKumarShaw
  • Where is Microsoft 365 Admin center in this case? All I have is ADB2C in Azure Portal and user flows and policies I can create there. – Marina Gurevich Feb 17 '22 at 14:07
  • Microsoft 365 admin center can manage the application, user and many services across Azure. Use this link: https://admin.microsoft.com/AdminPortal/Home#/Settings/SecurityPrivacy – RahulKumarShaw Feb 17 '22 at 14:52
  • Is there a link to documentation from MS that it manages AD B2C users? I don't mean to argue, but from what I've read so far the B2C password expiration is set to 90 days when the flag is enabled during user creation via Graph API. – Marina Gurevich Feb 17 '22 at 15:29
  • Sorry, I forgot to share the MS document link. It is now updated in the answer, please check. – RahulKumarShaw Feb 17 '22 at 16:30
  • Yes, you are correct. Password expiration by default is 90 days, but you can change this by setting the Password Expiration policy. – RahulKumarShaw Feb 17 '22 at 16:32
  • 2
    Hmm. Azure B2C and O365 are two different beasts. This is for Azure AD not B2C. – rbrayb Feb 18 '22 at 06:50
  • 1
    If your local user is the same for AzureAD and AzureAD B2C, it should be applied to them, but if you are adding external users in AzureADB2C, this policy won't apply to them – RahulKumarShaw Feb 18 '22 at 06:53