Enable expired passwords to sync so that users are required to change passwords either in the cloud or on premises.
We are experiencing major issues in our helpdesk due to the way AADC works by "design". Unfortunately AADC does not synchronize expired passwords, so selecting "require users to change password on first login" does not work, whether done on premises or in the cloud portal, for users trying to log in to the portal. Microsoft's only solution is to require users to authenticate to the domain on a PC, which is not realistic in our environment where many computers are shared, or to just tell the users to change their password after login. Yeah right, that's going to happen. Otherwise we have to set the password for the user and not have them change it, which completely breaks security protocols. I can't believe that MS has not addressed this issue by now, with as long as O365 has been out. We bought O365 E3, EMS, ECS, and have Azure AD Premium, and we are hampered by poor product design. We would have been better off just staying on prem.
mikie swier commented
Major security issue. Please fix ASAP.
Paul Slade commented
We've also hit this issue. MSFT please fix.
It's the thing many are not aware of: we happily thought that password-expired users who had not properly gone through the exit process would be enabled in local AD but with an expired password, and assumed they would not be using any cloud apps synced with Azure AD, which we lately realized is not true. Major security flaw; how can it be designed with such stupidity?? Does it require someone to vote for the basic things which should be in place from day one? MS, are you kidding....?
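The scenario described above (accounts left enabled on premises with an expired or must-change password, which Azure AD does not know about) can at least be surfaced for review. The following PowerShell is an added example, not from this thread or from Microsoft; it assumes the RSAT ActiveDirectory module on a domain-joined host and reports every enabled user whose on-prem password is expired or flagged "must change at next logon", so those accounts can be disabled or reset before the stale password keeps working in the cloud.

```powershell
# Added example: list enabled on-prem AD users whose password state would NOT be
# carried to Azure AD by password hash sync (expired, or pwdLastSet = 0 meaning
# "user must change password at next logon"). Assumes RSAT ActiveDirectory module.
Import-Module ActiveDirectory

$props = 'PasswordExpired', 'pwdLastSet', 'PasswordLastSet',
         'msDS-UserPasswordExpiryTimeComputed', 'LastLogonDate'

$report = Get-ADUser -Filter 'Enabled -eq $true' -Properties $props | ForEach-Object {
    # pwdLastSet = 0 is how AD stores the "must change password at next logon" flag
    $mustChange = ($_.pwdLastSet -eq 0)

    # Computed expiry; Int64.MaxValue means "password never expires", 0 means unset
    $expiry  = $_.'msDS-UserPasswordExpiryTimeComputed'
    $expired = $_.PasswordExpired -or (
        $expiry -gt 0 -and $expiry -ne [Int64]::MaxValue -and
        [DateTime]::FromFileTime($expiry) -lt (Get-Date)
    )

    if ($mustChange -or $expired) {
        [PSCustomObject]@{
            SamAccountName        = $_.SamAccountName
            MustChangeAtNextLogon = $mustChange
            PasswordExpired       = $expired
            PasswordLastSet       = $_.PasswordLastSet
            LastLogonDate         = $_.LastLogonDate
        }
    }
}

# Review on screen and keep a CSV for the helpdesk / offboarding check
$report | Sort-Object PasswordLastSet | Format-Table -AutoSize
$report | Export-Csv -Path .\expired-password-users.csv -NoTypeInformation
```

Narrow the `-Filter` or add `-SearchBase` to the OU that AADC actually syncs if only cloud-enabled accounts are of interest.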
Just like ignoring on-prem account expiration, this is another major security issue with O365.