Jamf Connect: How to set a Password Policy (Azure AD)

TechSpecialist
Contributor

I am using Jamf Connect (Azure AD) to let users log in to their Macs here at our organisation.

But I need to find a solution to enforce a Password policy so that users are forced to change their password before being able to log in or work on their computer.

Any suggestions?

7 REPLIES 7

mlawniczak
New Contributor III

If you are using Azure as your IdP the password policy settings you use for the users Azure account will work for managing the local account on the machine, as long as you are also using Verify to keep the passwords in sync.

TechSpecialist
Contributor

The change password function works, but eventually I would need the old password still to have it synchronised.

But what if people forgot about their old password?

brandon_-_autob
New Contributor III

Did we ever solve this? Currently in the same boat.

TechSpecialist
Contributor

There still is no proper solution for this.

samuelbaiden
New Contributor III
New Contributor III

Well I have implemented a similar solution and this is what I did. I allowed password reset in Azure for the Azure accounts that will be using Jamf Connect and added MFA. Once that was in place, users could now reset their password even if they had forgotten the old one from the macOS Setup Assistant before they could continue. Remember to tie Azure SSO with Jamf Connect Login by using Enrollment customisation.

Cayde-6
Release Candidate Programs Tester

@samuelbaiden

I can't see how that would work if you've got FV2 enabled because you have no internet access at the EFI login window

dsardaczuk
New Contributor III

Is there a solution with azure AD for a password expire notification?