ARM UserTemplate Password Restrictions

Hi Everyone

In the ARM User Template we currently use some restrictions for the initial password (specific Characters are not allowed etc.)
These seem to work for the initial password that is created.

However the user can generate a new password and the restrictions other than the length do not seem to apply for that.

Also the user can manually overwrite the initial created password where he can also include characters not allowed for the initial password.

Is there a way to set restrictions on the password-field that do not only apply for the initial password but for all passwords?

Thank you for your help and Best Regards

Lukas

Parents
  • Hello Lukas, The initial password or setting in the ARM template is only valid for the moment you create the password. The validation is therefore only applied on input. To restrict future password changes, you should use the GPO in Active Directory. Here is a link to the Microsoft Tech article. learn.microsoft.com/.../password-must-meet-complexity-requirements The question arises, which user can simply change such a password for you?

  • Hi Christian

    Thank you for your answer. But I think there is a little misunderstanding. I don't want to restrict future password changes generally, I know that this should be done via GPO. 

    When I set restrictions on the User Template, the restrictions are only applied to automatically generated password. The Admin can set a different Password without restrictions during the user creation in ARM and I want to prevent that

  • Hello Lukas, ok try this setting.

    "InitialPassword": {
    			"MinLength": 8,
    			"IsComplex": true,
    			"IsMasked": true,
    			"Constraints": {
    				"ValidationRule": "[^\\s]*",
    				"ValidationInformation": "['en-us:At least 8 characters, uppercase and lowercase letters, at least one digit or a special character. Spaces are not allowed.', 'de-de:Min. 8 Zeichen, Klein- und Großbuchstaben, min. eine Zahl oder ein Sonderzeichen, keine Leerzeichen.']"
    			}
    		},
    That should help.

Reply
  • Hello Lukas, ok try this setting.

    "InitialPassword": {
    			"MinLength": 8,
    			"IsComplex": true,
    			"IsMasked": true,
    			"Constraints": {
    				"ValidationRule": "[^\\s]*",
    				"ValidationInformation": "['en-us:At least 8 characters, uppercase and lowercase letters, at least one digit or a special character. Spaces are not allowed.', 'de-de:Min. 8 Zeichen, Klein- und Großbuchstaben, min. eine Zahl oder ein Sonderzeichen, keine Leerzeichen.']"
    			}
    		},
    That should help.

Children
No Data