Following the entry into force of the new privacy law, the GDPR, even the companies that preferred passwords without expiration, or that prevented end users from changing their passwords on their own, have had to adapt.
HOW TO PROCEED
In Office 365, the security policies of a domain can be changed from the administration panel. The password policy settings are found in the menu Settings -> Security & Privacy. The options available under Password policy are the number of days before user passwords expire (90 to 180 days is recommended) and how many days before expiration a notification is sent to the user as a reminder to change the password (it is well known that many will wait until the last minute to do it).
It all seems easy and simple, but remember that users must be able to change their password on their own without having to contact the poor system administrator. So we check whether this setting is enabled or not. Still under SETTINGS -> Security & Privacy, at the bottom we find the option that allows people to reset their own password.
Clicking the Azure AD administration interface link opens the Azure Active Directory admin center.
Under USERS -> PASSWORD RESET we find a number of interesting settings:
- Properties: this must be set to All, so that all users of the domain can reset their password on their own.
- Authentication methods: here we can set the various methods used to verify the user's account
- Registration: the number of days before users are asked to confirm their authentication methods again
- Notifications: defines whether the user and the administrator receive a notification when a password is changed
- Customization: a helpdesk link can be inserted
- On-premises integration: password writeback can be enabled. We recommend reading this GUIDE
- ACTIVITY -> Audit logs: you can monitor all the actions performed by users (such as password changes), filtered by the category you want to see.
- Troubleshoot: guides for solving the most common problems
- New support request: for when you need direct assistance from Microsoft
The last step, now mandatory to be compliant with the GDPR, is to force a password change for all users. We can do it in two ways:
- From the Home page of the admin panel, under USERS -> ACTIVE USERS, we select all users (deselecting the administrator user) and change the password. We can choose whether to have the system generate the password automatically or to create it ourselves (remember to respect at least the password criteria, even if in theory the user will change it immediately). This is definitely the longest method, because we would have to communicate the passwords to all users, which is unthinkable on a domain with hundreds of users.
- Force the password change from PowerShell. First we connect PowerShell to Office 365; then we can force the change for all users with the command:
Or for individual users:
Or for certain groups:
It is important to underline that both ForceChangePassword and ForceChangePasswordOnly should be specified as parameters, because if ForceChangePasswordOnly is omitted an automatic password will be generated, and in that case we might as well have skipped PowerShell and done everything from the Admin console.
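The three cases above (all users, a single user, the members of a group), as an added example that is not the original post's commands nor Vasil Michev's scripts. It assumes the MSOnline module, whose Set-MsolUserPassword cmdlet takes the two parameters named above; the helper function names, the UPN and the group name are hypothetical placeholders.

```powershell
# Added example. Assumes the MSOnline module is installed (Install-Module MSOnline).
Import-Module MSOnline
Connect-MsolService    # interactive sign-in with an administrator account

# Hypothetical helper: ObjectIds of every member of any directory role,
# so that administrator accounts are never touched.
function Get-RoleMemberIds {
    Get-MsolRole |
        ForEach-Object { Get-MsolRoleMember -RoleObjectId $_.ObjectId -All } |
        ForEach-Object { $_.ObjectId.ToString() } |
        Sort-Object -Unique
}

# Hypothetical helper: flag piped users for a password change at next sign-in.
function Set-ForcedPasswordChange {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)] $User,
        [string[]] $ExcludeIds = @(),
        [switch] $Apply                     # without -Apply nothing is changed
    )
    process {
        if ($ExcludeIds -contains $User.ObjectId.ToString()) { return }
        if ($Apply) {
            # Both parameters together: the current password is kept and the
            # user must replace it at next sign-in. No new password is generated.
            Set-MsolUserPassword -ObjectId $User.ObjectId `
                -ForceChangePassword $true -ForceChangePasswordOnly $true | Out-Null
        }
        [pscustomobject]@{ User = $User.UserPrincipalName; Changed = [bool]$Apply }
    }
}

$admins = Get-RoleMemberIds

# 1. All users (dry run first: review the list, then add -Apply)
Get-MsolUser -All | Set-ForcedPasswordChange -ExcludeIds $admins

# 2. A single user (constructed UPN)
Get-MsolUser -UserPrincipalName 'mario.rossi@example.com' |
    Set-ForcedPasswordChange -ExcludeIds $admins -Apply

# 3. Members of one group (constructed group name)
$group = Get-MsolGroup -SearchString 'Sales' | Select-Object -First 1
Get-MsolGroupMember -GroupObjectId $group.ObjectId -All |
    Where-Object { $_.GroupMemberType -eq 'User' } |
    ForEach-Object { Get-MsolUser -ObjectId $_.ObjectId } |
    Set-ForcedPasswordChange -ExcludeIds $admins -Apply
```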
To reset passwords in the Office 365 format (8 characters: an initial capital letter, 3 lowercase letters and 4 numbers), you can use this script:
Remember to always exclude the administrator account and to add the desired filters. This script exports a CSV file with the passwords and accounts. Even in this case, however, you can safely use the administrator panel.
I thank Vasil Michev for writing the scripts, available on his own BLOG