I have some questions about password management in Windows Azure Active Directory:
- the documentation of the Graph API does not mention that password expires by default (see for example the documentation of User object under passwordPolicies--http://msdn.microsoft.com/en-us/library/windowsazure/hh974483.aspx), while the documentation of the Windows Azure Active Directory cmdlets states that password expire by default
(see the documentation of New-MsolUser --
http://technet.microsoft.com/en-us/library/dn194096.aspx -- in fact the use of the option -PasswordNeverExpires translates in a passwordPolicies containing DisablePasswordExpiration that is not mentioned in the User object documentation).
Is this a missing update in the documentation or are there any difference between the two APIs in password expiration? - I have several issues in understanding how setting DisableStrongPassword in PasswordPolicies affects password policies (in both APIs), in particular:
- I understand that DisableStrongPassword has no constraint at all, but in fact when I reset the password through Graph API I cannot set a password shorter than 8 characters;
- If I reset a password for a user with DisableStrongPassword stating that should be reset at next access, the change password web page seems to enforce anyway the "strong password" policy.
Eric Miotto, aKite Retail Web Services, http://www.akite.net