Password Writeback isn’t enabled by default in an Azure AD Hybrid environment. Password changes or resets need to be done on-premise and can’t be done in Office 365. For the user experience, it’s more convenient that they can reset or change their password also in Office 365.
To accomplish this, we will need to enable Password Writeback. This way password changes made in Azure AD are synchronized back to your local Active Directory. It also allows users to use the Microsoft 36 Self Service Password Reset feature.
In this article, we are going to take a look at what is required to enable password write-back and how to enable it.
Password Writeback License Requirements
Before we are going to take a look at how to enable password write-back we first need to look at the license requirements. Because to use the feature you will need to have at least Azure AD Premium P1 plan in your Microsoft 365 license.
The plan can be bought separately as an add-on, but it’s also part of the following license plans:
- Microsoft Business Premium
- Enterprise Mobility + Security E3 and E5 add-on
- Microsoft 365 E3 and E5
- Microsoft 365 F1 and F3
Without Azure Premium P1 or P2, you can’t use the password writeback feature nor enable Self Service Password Reset. You can find a complete overview of all Microsoft 365 plans here.
Configure Password Writeback
Time needed: 10 minutes
To configure Password Writeback for Azure AD we will need to have access to the Azure Active Directory and the Azure AD Connect tool.
- Open Azure AD Connect
Open Azure AD connect on the server and click Configure
- Customize synchronization options
Select the additional task Customize Synchronization Options and click Next
- Connect to Azure AD
You will now need to log in to Azure AD. Use your Azure AD Global Administrator account for this.
- Connect your directories and Domain and OU filtering
Just click Next twice, we are not going to add or remove any OU’s or domains.
- Optional Features
On the step Optional Features, we are going to enable Password Writeback and click Next
- Finish the configuration in Azure AD Connect
The last page will show a summary of changes that we made, it should only list:
– Enable Password Writeback
– Configure synchronization services on this computer
Click configure to apply the changes. After a couple of minutes, you should see a Configuration Completed page.
- Open portal.azure.com
Next, we need to enable the write-back feature in Azure AD.
– Go to portal.azure.com
– Open the Azure Active Directory
– Click on Password reset
- Check if Password Writeback is enabled
Azure AD should automatically detect that you have enabled password writeback in Azure AD Connect. You can check it under the On-premises integration:
- Check/enable Self service password reset
Also, self service password reset should now be enabled for your users. Click on Properties to check the feature:
The Password Writeback feature is now enabled in Azure AD. You users can now reset their password from within Office 365.
NoteGood to know is when a user resets their password through Azure AD then they still need to comply with your local password policy. And not the default Azure AD password policy.
The password writeback features make resetting and changing passwords a lot more convenient for your users. Make sure you have the correct Microsoft 365 license with Azure Premium P1 at least, otherwise you can’t enable the feature in Azure AD.
If you have any questions, just drop a comment below.