DirSync & change password at log on

I have been playing around with Azure AD in preparation for speaking at TechED NZ this year; once I got DirSync up and running I found that each new account that I created in my local AD could not log on to MyApps.microsoft.com unless I reset its password.

This puzzled me for a couple of nights... What was I doing wrong?

It turns out I was doing nothing wrong; what I was experiencing was the correct behavior when the “User must change password at next log on” flag is set. This flag is set by default when creating a new user account using ADAC.

Unlike your local AD, where staff get prompted to reset their password after logging in, when accessing MyApps.Microsoft.com staff get a "user name or password incorrect" error and they can click on the link to reset their password.

It would be nice if there was some way that Azure AD could prompt and say your Administrator has requested that you reset your password before you can log in 🙂
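
A way to list the accounts that currently have this flag set, as an added example that is not part of the original post: in AD the “User must change password at next log on” checkbox is stored as `pwdLastSet = 0`, so it can be queried directly. The search base below is a placeholder, and the RSAT ActiveDirectory module is assumed to be installed.

```powershell
# Added example: report enabled accounts that still have
# "User must change password at next log on" set (pwdLastSet = 0).
# Read-only: nothing is modified.
Import-Module ActiveDirectory

# Placeholder OU, replace with the OU that is in scope for synchronisation.
$SearchBase = 'OU=Staff,DC=example,DC=local'

$flagged = Get-ADUser -SearchBase $SearchBase `
        -Filter 'pwdLastSet -eq 0 -and Enabled -eq $true' `
        -Properties pwdLastSet, whenCreated |
    Sort-Object whenCreated -Descending |
    Select-Object Name, SamAccountName, UserPrincipalName, whenCreated

if ($flagged) {
    # These are the users who would see the "user name or password incorrect"
    # message described above instead of a change-password prompt.
    $flagged | Format-Table -AutoSize
    Write-Host ("{0} enabled account(s) have the change-at-next-log-on flag set." -f @($flagged).Count)
} else {
    Write-Host 'No enabled accounts with the change-at-next-log-on flag set.'
}
```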