Block users to change the password
I come across this message prompts enable resource for previunir / block user to the password change your e-mail account. We migrated a solution to the cloud and it had these options. Another thing that I see in the product is denying changing account information.
We need it very urgently.
j'appuie cette demande.
Il est trop facile pour un hacker de changer de mot de passe utilisateur, s'il l'obtient une première fois.
cela ne signifie pas de d'empêcher l'utilisateur de faire une demande de réinitialisation à l'administrateur.
I support this request.
It is too easy for a hacker to change the user password if he gets it a first time.
this does not mean to prevent the user from making a reset request to the administrator.
Giancarlo La Giusa commented
Buongiorno, avendo appurato con il vostro servizio di assistenza, che tutti i nostri utenti Office365 possano cambiare le password dal proprio account, nonostante l'impostazione corretta che dovrebbe impedire di farlo, chiedo con quale possibilità o funzione possiamo fare si che l'utente sia impossibilitato di farlo se non dall'amministratore di sistema.
Certo di un vostro celere riscontro, Saluto Cordialmente.
Consorzio Innova Soc. Coop.
Disable user modify password via O365 portal
The instructions worked for us to block password changing/reset so the users do eventually get a warning that this is not allowed. That is very confusing for our staff, though, and we have calls and work orders every week from staff who thought they had to change their password with this method and can't understand why it isn't working.
What we really need is EITHER: (1) remove the link altogether that says to change or reset password, or (2) allow us to provide a different URL for the link that will take them to our password management service.
Neither of these options are hard. When your service displays the login option, it just needs to have access to the attribute that says whether to allow password change or not (and to the attribute that would have an alternative URL, if that is added, which is just a tiny bit more work). The code for the link is either not shown if the attribute says to block it or shows the alternate URL if there is an alternate option. We have several other services that do this and none of those companies have as many people developing their products as Microsoft does.
Password blocking can be done by following below reference article: https://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365admin-mso_manage/disable-password-changing-option-in-owa-office-365/5d5cbf4f-ff7b-47f4-98c5-6e767f6c4524
Setup AD Sync and that will dictate the passwords and the ability to change them. This way with a termed or leaving employee you have full control in your AD.
Steven Williams commented
This blatant disregard by MS to enable critical administrator functionality in O365 is exactly why I will be moving my organization to Google Mail. I'm done waiting...
unbelievable that this is still not implemented!
Dwight B commented
I keep checking back on this and am continually surprised this feature has yet to be implemented.
Agreed. It would be very helpful to prohibit users from changing their password!
Being able to prevent the user from changing his password himself is obvious.
It's part of the safety foundation.
The ability to disable users' ability to change passwords is very critical...now that everything is on the cloud...we face issues where an employee, when he/she leaves, can change the password, then go home and delete files and folders - leaving a complete disaster for us.
Admin should be able to disable any user's ability to change passwords...very critical...please make these changes....
we need this feature as soon as possible in our organization. as i can see some users asked MS for years to implement this. i agree with them, for such a basic feature MS has to listen to us immediately.
can't agree more that this is fundamental to basic security of the organization, and compliance of end users.
Please implement a feature that enables this.
Frank Koshere commented
How loud do we have to scream for you to finally listen!!!??? We've been asking for this for 2 years now! How hard is it for MS to understand that having control over what end users can and can't do in 0365 is critically important!! I cannot believe this has been overlooked. It is SO fundamental to basic security of the organization, and compliance of end users.
Frank Koshere commented
I absolutely agree with all of these people. I will add that even if you create a custom OWA mailbox policy with the "change password" box unchecked, and then apply it to a user mailbox, it STILL doesn't work. The user can still change their password in OWA. Why is the option even there if it doesn't work? This is a ridiculous limitation of 0365 that should be fixed if MS intends to retain and acquire larger customers. We have almost 1000 users and management is going to tell us to pull the plug on 0365 if MS doesn't fix this. What a shame, because none of us want to leave. But MS is simply not meeting the basic requirements of our company. MS, stop with the stupid bells and whistles for day and fix a actual fundamental flaw in 0365.
WMMC Admin commented
This facility is a must for maintaining user control. Easily setup on on-premise exchange! Should be part of O365.
Michael Johnson commented
Our company controls our users passwords. Our AD is not synced with O365. I can prevent a user from changing their password on the network but not on O365. MS needs to add the same functionality to O365 as AD. A setting should be added to "do not allow user to change password" in O365 that can be controlled by an Administrator.
Marc Pituley commented
We have a custom identity management solution that we use to manage accounts and passwords across a variety of systems (AD, LDAP, and others). We would like to do the same with cloud only users in Office 365. However, unless we can prevent users from changing their password in Office 365 their password for Office 365 would become out of sync with the rest of the systems we manage.
Joe Steele-Thurston commented
This, as far as I know, applies specifically to cloud only users, and not with AD users as AD policies can ensure that users cannot change their policies once linked to AD.
For organizations however, that do not have AD implemented in their local environments, but still want centralized control of their passwords without users having the ability to perform self-service password resets, the ability to block a user from changing their password is essential.
It amazes me that in the Office 365 RBAC settings, there is an option to create a role which prevents users from changing their own passwords, but at the same time it doesn't actually apply to anyone once the role is created and applied because it is a different setting entirely that allows users to change their passwords now.
At the very least, the setting in the RBAC role creation page should be clarified to indicate to cloud users that the setting doesn't actually work. At best, we would have the setting either changed to work, or removed as an option since it doesn't actually do anything.