How to enable password writeback in Entra ID


Introduction

In a hybrid organization, user accounts are created in the on-premises Active Directory and synchronized to Microsoft Entra ID. For users to change or reset their password from cloud applications while keeping a single password, the new password must be written back to their on-premises account; that is what password writeback does.


Prerequisites

Active Directory

  • An Active Directory server configured and accounts created.

Entra Connect

  • An Entra Connect instance connected with Entra ID.

Administrator role

  • An account with the Global Administrator or Hybrid Identity Administrator role to access the Microsoft Entra Admin Center.
  • An account with the Enterprise Administrator role to access the Active Directory server.

Step 1: Enable Password Writeback in Microsoft Entra Connect Options

Start the Microsoft Entra Connect Sync application from the local Entra Connect server.

On the setup wizard welcome screen, click Configure.

Click Customize synchronization options, then Next.

Enter your Microsoft 365 administrator account, then click Next.

Check the Password writeback box, then click Next.

On the last menu, click Exit.

The feature is now enabled on the local Entra Connect server.


Step 2: Sign in to the Microsoft Entra Admin Center

Sign in to the Microsoft Entra Admin Center by opening your web browser to https://entra.microsoft.com.


Step 3: Enable Password Writeback in Microsoft Entra ID

In the left menu, click Identity, then Protection, and then Password reset.

Click On-premises integration, and enable all options.

The feature is now enabled on Entra ID.


Step 4: Set a Minimum Password Age Policy

Start the GPO Management Console (gpmc.msc) from the local Active Directory server.

Click Computer Configuration, then Policies, then Windows Settings, then Security Settings, then Account Policies, and then Password Policy.

Edit the Minimum password age policy and set it to 0 days.

Password policies in the AD DS environment can prevent password resets from being written back. The Minimum password age must be set to 0 for password writeback to work.
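The following PowerShell script is an added verification example, not part of the original post, for checking the two on-premises settings this guide changes (Step 1 and Step 4) after the GUI work is done. It assumes it is run in an elevated session on the Entra Connect server with the ADSync module and the ActiveDirectory RSAT module available, and that the Entra ID connector keeps the default "<tenant>.onmicrosoft.com - AAD" naming; the $ConnectorName parameter and the Enabled property read from the writeback configuration are assumptions to adjust if your environment differs. It also looks at fine-grained password policies, which the guide does not cover but which override the domain default for the users they apply to.

```powershell
# Added example (not from the original post): verify password writeback on the
# Entra Connect server and the minimum password age in Active Directory.
# Assumption: the Entra ID connector uses the default "<tenant>.onmicrosoft.com - AAD" name.
param(
    [string]$ConnectorName = (Get-ADSyncConnector |
        Where-Object { $_.Name -like '* - AAD' } |
        Select-Object -First 1).Name
)

Import-Module ADSync
Import-Module ActiveDirectory

# 1. Password writeback on the Entra Connect side (Step 1 of the guide).
#    Assumption: the returned configuration exposes an Enabled property.
$writeback = Get-ADSyncAADPasswordResetConfiguration -Connector $ConnectorName
if ($writeback.Enabled) {
    "Password writeback is enabled on connector '$ConnectorName': OK"
} else {
    Write-Warning "Password writeback is NOT enabled on connector '$ConnectorName'; re-run Step 1."
}

# 2. Minimum password age in the default domain policy (Step 4 of the guide).
$policy = Get-ADDefaultDomainPasswordPolicy
if ($policy.MinPasswordAge -ne [TimeSpan]::Zero) {
    Write-Warning ("Default domain minimum password age is {0} day(s); " +
        "set it to 0 or writeback resets can be rejected." -f $policy.MinPasswordAge.Days)
} else {
    "Default domain minimum password age is 0 days: OK"
}

# 3. Fine-grained password policies (PSOs) take precedence over the domain default
#    for the users and groups they apply to, so a non-zero MinPasswordAge there
#    breaks writeback for those users even when the GPO is correct.
Get-ADFineGrainedPasswordPolicy -Filter * |
    Where-Object { $_.MinPasswordAge -ne [TimeSpan]::Zero } |
    ForEach-Object {
        Write-Warning ("Fine-grained policy '{0}' (precedence {1}) sets minimum password age to {2} day(s); applies to: {3}" -f
            $_.Name, $_.Precedence, $_.MinPasswordAge.Days, ($_.AppliesTo -join ', '))
    }
```

Run it once after completing the four steps and again whenever a password policy GPO or PSO is changed; a warning from section 2 or 3 is the usual reason a cloud password reset succeeds in Entra ID but the on-premises password stays unchanged.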


Conclusion

You now know how to enable password writeback in Entra ID.

