Windows 10, Azure AD Join and Password Changes

So we are deploying Workspace One, and our devices are joined to Azure AD.
We have found an issue when the user is prompted to change their password.

When the user is prompted to change their password, they are directed to

The user successfully changes their password, and then finds that they cannot connect to our on-premises Active Directory resources.

The Local Profile (Cached) Password on the workstation is not being updated with the user's new password.

Fix / workaround

  1. User still changes their password via
  2. They then immediately LOCK their workstation (Windows + L)
  3. They unlock their workstation, with their NEW password.

Why this works
It forces the local workstation to validate the password with Azure AD, which in turn updates the copy of the password stored in the local workstation user profile.

The Old New Thing – Why does it take longer to reject an invalid password than to accept a valid one?
Microsoft – Cached credentials security in Windows Server 2003, in Windows XP, and in Windows 2000

Today’s password is ‘4rfvgy7uj’

Never heard about the concept of password “snakes” until I visited a customer 2 years ago.

Password snakes, simply put, are passwords which follow a path on the keyboard, as this picture illustrates.

It’s an interesting idea, but not one I’d really encourage as it’s too easy to remember, particularly for those types of people who like looking over your shoulder.
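
A password-policy check for the "snakes" described above, as an added example that is not part of the original post: it measures the longest run of physically adjacent keys in a candidate password. The US QWERTY geometry, the function names and the five-key threshold are assumptions of this sketch.

```python
# Added example: detect keyboard-walk ("snake") passwords on a US QWERTY layout.
# The layout geometry and the min_run threshold are assumptions of this sketch.

# Rows of unshifted keys with the horizontal stagger of a standard keyboard.
ROWS = [("1234567890", 0.0), ("qwertyuiop", 0.5),
        ("asdfghjkl", 0.75), ("zxcvbnm", 1.25)]
# Shifted symbols share a physical key with the digit below them.
SHIFTED = dict(zip("!@#$%^&*()", "1234567890"))

# Map every character to the (row, x) coordinates of its physical key.
KEY_POS = {ch: (r, col + offset)
           for r, (keys, offset) in enumerate(ROWS)
           for col, ch in enumerate(keys)}


def key_of(ch):
    """Return the (row, x) position of the key that types ch, or None."""
    ch = SHIFTED.get(ch, ch.lower())
    return KEY_POS.get(ch)


def adjacent(a, b):
    """True when two different keys touch (same row or neighbouring rows)."""
    pa, pb = key_of(a), key_of(b)
    if pa is None or pb is None or pa == pb:
        return False
    return abs(pa[0] - pb[0]) <= 1 and abs(pa[1] - pb[1]) <= 1.0


def longest_walk(password):
    """Length of the longest run where each key touches the previous one."""
    best = run = 1 if password else 0
    for prev, cur in zip(password, password[1:]):
        run = run + 1 if adjacent(prev, cur) else 1
        best = max(best, run)
    return best


def is_keyboard_snake(password, min_run=5):
    """Flag a candidate password containing a walk of min_run or more keys."""
    return longest_walk(password) >= min_run


if __name__ == "__main__":
    for sample in ["4rfvgy7uj", "qwerty", "k9#Lw2mQ"]:  # constructed samples
        print(sample, longest_walk(sample), is_keyboard_snake(sample))
```

Holding Shift does not hide the path: the check maps shifted symbols and capitals back to their physical keys before measuring the walk.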
