Windows 10, Azure AD Join and Password Changes

  • Article

So I have been testing around a bit with password changes on Windows 10 when my machine is joined to Azure AD. I have testet a few scenarios and would like you share my impressions. All scenarios are based on a Cloud Only enviroment and does not have any connections to an OnPremise AD.

Scenario 1: Admin wants to change the users password and the user wants to log on to Windows 10 with his new password.

My first test was to go into the manage.windowsazure.com and reset the users password. This process creates only a temporary password and the user needs to change his password on next login. If you change the password this way the user has to manually go into for example portal.office.com where the user will be prompted to set a new password by giving the temporary password. The temporary password will not work for login into the Windows 10 machine, but the new password created after visiting portal.office.com will work.

AAD-Password-00090

My second test was to go into the Office 365 Admin portal to change the users password. Now I have the option to not require the user to change the password on first logon and create a permanent password directly. You cannot define your own password in this view, the console will create a password for you. This works. And now the user can log on to the Windows 10 client with the new password directly. It doesnt seem to be sync delay either, I tested the logon just 15-20 seconds after the password was changed in the portal.

AAD-Password-0007

Scenario 2: The users wants to change the password and the log on to Windows 10 with the new password.

My first test was to go into Settings – Accounts – Sign In Options where i was presented with this view:

pass01

So of course I had to try to press Ctrl-Alt-Delete to change my password. But..

pass02

No option to change password locally on the client. So what now?

My second test on this scenario was to go to the https://myapps.microsoft.com portal to try to change the password there. (sorry about the Norwegian in the screenshot)

pass03

So I changed my password in the myapps-portal. Restartet my computer and was able to directly log into Windows 10 with my new selfdefined password.

Filed under: AzureAD, Client, Cloud, Windows 10 Tagged: AzureAD, Cloud, EMS, Join, Microsoft, Technical, Windows 10