What is Azure Active Directory Pass-through Authentication?
Azure Active Directory (Azure AD) Pass-through Authentication allows your users to sign in to both on-premises and cloud-based applications using the same passwords. This feature provides your users a better experience - one less password to remember, and reduces IT helpdesk costs because your users are less likely to forget how to sign in. When users sign in using Azure AD, this feature validates users' passwords directly against your on-premises Active Directory.
This feature is an alternative to Azure AD Password Hash Synchronization, which provides the same benefit of cloud authentication to organizations. However, certain organizations that want to enforce their on-premises Active Directory security and password policies can choose to use Pass-through Authentication instead. Review this guide for a comparison of the various Azure AD sign-in methods and how to choose the right sign-in method for your organization.
You can combine Pass-through Authentication with the Seamless Single Sign-On feature. This way, when your users are accessing applications on their corporate machines inside your corporate network, they don't need to type in their passwords to sign in.
Key benefits of using Azure AD Pass-through Authentication
- Great user experience
  - Users use the same passwords to sign into both on-premises and cloud-based applications.
  - Users spend less time talking to the IT helpdesk resolving password-related issues.
  - Users can complete self-service password management tasks in the cloud.
- Easy to deploy & administer
  - No need for complex on-premises deployments or network configuration.
  - Needs just a lightweight agent to be installed on-premises.
  - No management overhead. The agent automatically receives improvements and bug fixes.
- Secure
  - On-premises passwords are never stored in the cloud in any form.
  - Protects your user accounts by working seamlessly with Azure AD Conditional Access policies, including Multi-Factor Authentication (MFA), blocking legacy authentication and by filtering out brute force password attacks.
  - The agent only makes outbound connections from within your network. Therefore, there is no requirement to install the agent in a perimeter network, also known as a DMZ.
  - The communication between an agent and Azure AD is secured using certificate-based authentication. These certificates are automatically renewed every few months by Azure AD.
- Highly available
  - Additional agents can be installed on multiple on-premises servers to provide high availability of sign-in requests.
Feature highlights
- Supports user sign-in into all web browser-based applications and into Microsoft Office client applications that use modern authentication.
- Sign-in usernames can be either the on-premises default username (userPrincipalName) or another attribute configured in Azure AD Connect (known as Alternate ID).
- The feature works seamlessly with Conditional Access features such as Multi-Factor Authentication (MFA) to help secure your users.
- Integrated with cloud-based self-service password management, including password writeback to on-premises Active Directory and password protection by banning commonly used passwords.
- Multi-forest environments are supported if there are forest trusts between your AD forests and if name suffix routing is correctly configured.
- It is a free feature, and you don't need any paid editions of Azure AD to use it.
- It can be enabled via Azure AD Connect.
- It uses a lightweight on-premises agent that listens for and responds to password validation requests.
- Installing multiple agents provides high availability of sign-in requests.
- It protects your on-premises accounts against brute force password attacks in the cloud.
Next steps
- Quickstart - Get up and running Azure AD Pass-through Authentication.
- Migrate from AD FS to Pass-through Authentication - A detailed guide to migrate from AD FS (or other federation technologies) to Pass-through Authentication.
- Smart Lockout - Configure Smart Lockout capability on your tenant to protect user accounts.
- Current limitations - Learn which scenarios are supported and which ones are not.
- Technical Deep Dive - Understand how this feature works.
- Frequently Asked Questions - Answers to frequently asked questions.
- Troubleshoot - Learn how to resolve common issues with the feature.
- Security Deep Dive - Additional deep technical information on the feature.
- Azure AD Seamless SSO - Learn more about this complementary feature.
- UserVoice - For filing new feature requests.
This article explains how to reset passwords for yourself and for your users when you have a Microsoft 365 for business subscription.
Before you begin
This article is for people who set password expiration policy for a business, school, or nonprofit. To complete these steps, you need to sign in with your Microsoft 365 admin account. What's an admin account?
You must be a global admin or password administrator to perform these steps.
Steps: Reset a business password for a user
- In the admin center, go to the Users > Active users page.
On the Active users page, select the user and then select Reset password.
Follow the instructions on the Reset password page to auto-generate a new password for the user or create one for them, and then select Reset.
Enter an email address the user can get to so they receive the new password, and follow up with them to make sure they got it.
Let users reset their own passwords
We strongly recommend that you set up self-service password reset. This way you don't have to manually reset passwords for your users. To learn how, see Let users reset their own passwords in Office 365.
Reset my admin password
Use these steps if you forgot your password but you're able to sign in to Microsoft 365 because, for example, your password is saved in your browser:
Select your name (icon) in upper right corner > My Account > Personal Info.
Under Contact details, double-check that your Alternate email is accurate and that you've provided a mobile phone number. If not, change them now.
Sign out: select your name in the upper right corner > Sign out.
Now sign in again: type your user name > Next > and then select Forgot password.
Follow the steps in the wizard to reset your password. It uses your alternate contact info to verify you're the right person to reset your password.
If you forgot your password and can't sign in:
Ask another global admin in your business to reset your password for you.
Make sure you've provided alternate contact information, including a mobile phone number.
Or, call Microsoft Support.
Reset all business passwords for everyone in your organization at the same time
These steps work for a business with tens of users. If you have hundreds or thousands of users, see the next section on resetting passwords in bulk (maximum 40 users at a time).
In the admin center, go to the Users > Active users page.
Select the option next to Display name to select everyone in your business. Then unselect yourself. You can't reset your own password at the same time you reset everyone else's password.
Select Reset password.
Follow the instructions on the Reset password page, and select Reset. If you opted for auto-generating the passwords, the new temporary passwords will be displayed.
Enter an email address where you can receive the temporary passwords. You'll need to notify your users what their temporary passwords are.
Reset business passwords in bulk
Use PowerShell! Check out this post by Eyal Doron: Managing passwords with PowerShell.
For overview information, see Manage Microsoft 365 with PowerShell.
Force a password change for all users in your business
Check out this great blog post by Vasil Michev, Microsoft MVP: Force password change for all users in Office 365.
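One way to force a password change across a tenant with the Microsoft Graph PowerShell SDK, as an added example (not code from the linked blog posts or from this article). It assumes the Microsoft.Graph.Users module is installed, that the signed-in admin holds a role allowed to manage passwords, and that directory-synced accounts are handled on-premises rather than from the cloud; `$ExcludeUpn` is a hypothetical parameter.

```powershell
#Requires -Modules Microsoft.Graph.Users
# Added example: flag every enabled, cloud-only member account to change its
# password at next sign-in, skipping the admin who runs the script.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical parameter: accounts to leave untouched (e.g. break-glass admins).
    [string[]]$ExcludeUpn = @()
)

Connect-MgGraph -Scopes 'User.ReadWrite.All', 'Directory.AccessAsUser.All'

# Never flag the signed-in admin: the article notes you cannot reset your own
# password in the same operation as everyone else's.
$skip = @((Get-MgContext).Account) + $ExcludeUpn

$users = Get-MgUser -All -Property Id, UserPrincipalName, AccountEnabled, OnPremisesSyncEnabled, UserType

$targets = $users | Where-Object {
    $_.AccountEnabled -and
    $_.UserType -eq 'Member' -and            # leave guest accounts alone
    -not $_.OnPremisesSyncEnabled -and       # assumption: synced users are managed on-premises
    $_.UserPrincipalName -notin $skip
}

$results = foreach ($u in $targets) {
    $status = 'Skipped'
    if ($PSCmdlet.ShouldProcess($u.UserPrincipalName, 'Force password change at next sign-in')) {
        try {
            Update-MgUser -UserId $u.Id -ErrorAction Stop `
                -PasswordProfile @{ ForceChangePasswordNextSignIn = $true }
            $status = 'Flagged'
        }
        catch {
            # Record the failure and continue with the remaining users.
            $status = "Failed: $($_.Exception.Message)"
        }
    }
    [pscustomobject]@{ User = $u.UserPrincipalName; Status = $status }
}

# Summary by outcome, followed by the failures for follow-up.
$results | Group-Object Status | Select-Object Count, Name
$results | Where-Object Status -like 'Failed*'
```

Run it with `-WhatIf` first to list the accounts that would be flagged without changing anything.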
I don't have a Microsoft 365 for business subscription
Try this article: I forgot the username or password for the account I use with Office.