+8I am using Jamf Connect (Azure AD) to let users log in to their Macs here at our organisation.
But I need to find a solution to enforce a Password policy so that users are forced to change their password before being able to log in or work on their computer.
Any suggestions?
+4If you are using Azure as your IdP the password policy settings you use for the users Azure account will work for managing the local account on the machine, as long as you are also using Verify to keep the passwords in sync.
+8The change password function works, but eventually I would need the old password still to have it synchronised.
But what if people forgot about their old password?
+8Well I have implemented a similar solution and this is what I did. I allowed password reset in Azure for the Azure accounts that will be using Jamf Connect and added MFA. Once that was in place, users could now reset their password even if they had forgotten the old one from the macOS Setup Assistant before they could continue. Remember to tie Azure SSO with Jamf Connect Login by using Enrollment customisation.
+22I can't see how that would work if you've got FV2 enabled because you have no internet access at the EFI login window
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
