Azure AD B2C有两种不同的密码过期日期,具体取决于密码本身,如何设置?

huangapple go评论65阅读模式
英文:

Azure AD B2C 2 types of expiration date for password depending on the password itself, how to?

问题

我有以下情景:

如果用户有一个临时密码,该密码在过去的24小时内设置,那么用户被强制要求更改密码。如果密码在24小时前设置,那么用户无法登录。

如果用户有一个密码,该密码在过去的180天内设置,用户可以登录。如果密码在180天前设置,用户被强制重置密码。

这两种密码看起来不同,所以我可以通过正则表达式比对密码,以检查它是否是临时密码。

问题是,我知道密码是临时的还是不临时的,我必须应用策略的24小时或180天的过期时间。那么,我如何知道密码上次何时更新?

最初,我考虑使用自定义属性来存储这个值,但我认为这应该在默认情况下记录在某个地方。我觉得微软可能希望出于合规性和安全目的在他们的一侧进行审计。我还觉得这可能在Graph上存在,但到目前为止,我还没有找到这个筛选器是否存在。
问题是,这个筛选器是否存在,还是我需要使用自定义属性的方法?

英文:

I have the following scenario:

If a user has a temporary password, that is been set in the last 24 hours, the user is forced to change the password. If the password has been set more than 24 hours ago, then the user is not able to log in.

If a user has a password that has been set in the last 180 days, the user is able to log in. If the password has been set longer than 180 days ago, the user is forced to reset the password.

The two types of password look different, so I can compare the password by a regular expression to check if it is a temporary password or not.

The problem is that knowing that the password is temporary or not, I have to apply the 24 hour or 180 day expiration time of the policy. So how do I know when the password was last updated?

Initially, I have thought in using a custom attribute to store this value, but I thought that this should be recorded somewhere by default. It makes sense to me that Microsoft wanted to audit this on their side for compliance and security purposes. It also makes sense to me that this could probably be on Graph, but so far, I haven't found this filter exists.
Question is, does this filter exist or I need to go through the custom attribute route?

答案1

得分: 2

以下是翻译好的部分:

"我尝试在我的环境中复制相同操作,并获得以下结果:"

要了解 Azure AD B2C 用户的密码上次更新时间,请尝试以下查询:

GET https://graph.microsoft.com/v1.0/users?$select=displayName,lastPasswordChangeDateTime

确保授予 User.Read.All 权限以获取 lastPasswordChangeDateTime

英文:

I tried to reproduce the same in my environment and got the results as below:

To know the when the password of the Azure AD B2C users was last updated, try the below query:

GET https://graph.microsoft.com/v1.0/users?$select=displayName,lastPasswordChangeDateTime

Azure AD B2C有两种不同的密码过期日期,具体取决于密码本身,如何设置?

Make sure to consent User.Read.All permission to fetch the lastPasswordChangeDateTime.

huangapple
  • 本文由 发表于 2023年2月14日 20:44:10
  • 转载请务必保留本文链接:https://go.coder-hub.com/75448022.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定