Got everything configured, AD synced, etc. The only thing I cannot seem to get to work is if I set a user account to "User must change password at next logon" on my on-prem DC, when they log into M365, it does not prompt them to change their password. I have been through every setting in Entra. Googled to high heaven, and M365 never prompts the end-user to change their password. We have a lot of sales people who are on the road and never step into the office so we want them to still change their password when our password policy kicks in. Any insight would be greatly appreciated.
I've run into the same problem as well. They don't get reminded because they're technically not logging "on-prem". There is a script that I used in the past that will check last time they changed their password and send out an email 14 days in advance (you can change the reminder) before the password expires. Unfortunately I don't remember the script but you will need to have it running on your domain controller and use a service account "Passwordreminder@whatever.com" that has access to send emails.
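The kind of reminder script the reply describes, as an added example that is not the poster's original script. The SMTP relay name and the `$DryRun` switch are assumptions; the 14-day window and sender address come from the reply.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and read access to AD.
Import-Module ActiveDirectory

$ReminderDays = 14                                # lead time mentioned in the reply
$From         = 'Passwordreminder@whatever.com'   # service mailbox named in the reply
$SmtpServer   = 'smtp.example.invalid'            # placeholder: your own mail relay
$DryRun       = $true                             # assumption: set to $false to send mail

$now = Get-Date

# msDS-UserPasswordExpiryTimeComputed is computed by the DC and already accounts
# for the domain policy and any fine-grained password policy on the user.
$users = Get-ADUser -Filter 'Enabled -eq $true -and PasswordNeverExpires -eq $false' `
    -Properties mail, 'msDS-UserPasswordExpiryTimeComputed'

foreach ($u in $users) {
    $raw = $u.'msDS-UserPasswordExpiryTimeComputed'

    # 0 means pwdLastSet is 0 ("must change at next logon");
    # Int64 max means the password never expires. Neither converts to a date.
    if (-not $raw -or $raw -eq [int64]::MaxValue) { continue }

    # No mailbox to notify.
    if (-not $u.mail) { continue }

    $expires  = [datetime]::FromFileTime($raw)
    $daysLeft = [math]::Floor(($expires - $now).TotalDays)

    # Only users inside the reminder window and not already expired.
    if ($daysLeft -lt 0 -or $daysLeft -gt $ReminderDays) { continue }

    $subject = "Your password expires in $daysLeft day(s)"
    $body    = "Your password expires on $($expires.ToString('yyyy-MM-dd HH:mm')). " +
               "Please change it before then."

    if ($DryRun) {
        Write-Output "Would notify $($u.mail): $daysLeft day(s) left"
    } else {
        Send-MailMessage -From $From -To $u.mail -SmtpServer $SmtpServer `
            -Subject $subject -Body $body
    }
}
```

Run it once a day from a scheduled task under the service account. `Send-MailMessage` is marked obsolete by Microsoft, so substitute whatever sending method your relay supports if it is unavailable.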