ScubaGear icon indicating copy to clipboard operation
ScubaGear copied to clipboard

Published 20 hours ago verified publisher icon cisagov

MS.AAD.6.1 Does not account for federated domains

Open Jeff-Jerousek opened this issue 9 months ago • 5 comments

🐛 Summary

What's wrong? Please be specific. Any federated domains do not have the fields: passwordNotificationWindowInDays passwordValidityPeriodInDays

Note for whoever gets assigned this issue: refer to the instructions in this comment for the code changes needed.

To reproduce

Steps to reproduce the behavior: Run Get-MgBetaDomain against a tenant with federated domains (ADFS).

Expected behavior

The password policy is enforced locally, an exception for any federated domains would do the trick.

Any helpful log output or screenshots

Paste the results here:


{
  "id": "generic.domain.com",
  "authenticationType": "Federated",
  "isAdminManaged": true,
  "isDefault": false,
  "isInitial": false,
  "isRoot": false,
  "isVerified": true,
  "supportedServices": [ "Email", "OfficeCommunicationsOnline", "OrgIdAuthentication", "Intune" ]
}

Add any screenshots of the problem here.

Jeff-Jerousek avatar Apr 29 '24 18:04 Jeff-Jerousek