Something commonly forgotten about when setting up BPOS for a customer that uses Active Directory – is that a new set of password management exists in BPOS.
This can exist in scenarios where the customer already has an on-premise Exchange and is now using Exchange Online, or even for peer-to-peer networks with no central password management.
What the users end up with is two passwords – one for their PC (local or AD authentication), another for BPOS.
Something new customers and partners moving to and using BPOS may not be aware of is the fact that the Directory Synchronization tool does not actually synchronize passwords – just users and groups.
So what are our options? Sure you can get everyone’s current password and match this in BPOS – however there is a default password expiration of 90 days. Very quickly you can see how this would be an inconvenience to users, and quite confusing the first time around.
Another option is to log a support case and request to disable password expiration – however this is not recommended due as it weakens your security.
Something we as a business (Paradyne) have found useful is the MessageOps Password Synchronization tool.
It is free and easy to use, and will run on your domain controller to keep passwords synchronized for your users.
This allows your BPOS environment to adhere to your existing password security policy, keep your organization & data more secure, and overall keep you users happy.
While Office 365 will support Active Directory Federation Services (ADFS) – you will require significant on-premise infrastructure to support this, so it is more relevant for large businesses and enterprises.
The MessageOps tool will still be the way to go with smaller organisations that cannot support the ADFS requirements or large businesses and enterprises that can’t or don’t plan to utilise ADFS.
Happy password synchronizing!
Also published on Medium.