Windows 10, Azure AD Join and Password Changes

So we are deploying Workspace One, and our devices are joined to Azure AD.
We have found an issue when the user is prompted to change their password.

Issue
When the user is prompted to change their password, they are directed to https://account.activedirectory.windowsazure.com/ChangePassword.aspx

The user successfully changes their password, and then finds that they cannot connect to our on-premises Active Directory resources.

Cause
The Local Profile (Cached) Password on the workstation is not being updated with the user's new password.

Fix / workaround

  1. User still changes their password via https://account.activedirectory.windowsazure.com/ChangePassword.aspx
  2. They then immediately LOCK their workstation (Windows + L)
  3. They unlock their workstation, with their NEW password.

Why this works
It forces the local workstation to validate the password with Azure AD, and then this updates the copy of the password which is stored in the local workstation user profile.

References
The Old New Thing – Why does it take longer to reject an invalid password than to accept a valid one?
Microsoft – Cached credentials security in Windows Server 2003, in Windows XP, and in Windows 2000

Sorry – Your Password Isn’t Not Long Enough

“Your password must be at least x characters; cannot repeat any of your previous x passwords; must contain capitals, numerals or punctuation; and cannot contain your account or full name. Please type a different password. Type a password which meets these requirements in both text boxes.”

Yes, it’s that time of month again, where I retrieve the post-it note from under my keyboard, and write my NEW password down on it.

So we now have the illusion of security, while not actually having it.  Which is a reason why, when your computer is seized, they’ll take the surrounding items as well.

I laughed until I cried when I saw this:

Sorry - Your Password Isn't Not Long Enough
