Password Synchronization

Microsoft has released a new feature, Password Synchronization, in an updated version of the Windows Azure Active Directory Sync tool. When activated, users' on-premises Active Directory passwords are copied to Windows Azure Active Directory (Azure AD), allowing customers to use their on-premises password to log in to their Office 365, InTune, CRM Online and other Online Services accounts. Changes to on-premises passwords are synced to the cloud in minutes (not every three hours).

Enable Password Synchronization

Uninstall old Directory Sync tool
The old Directory Synchronization tool must be uninstalled.

Enable Password Synchronization
To enable Password Sync for your tenant, use the following cmdlet syntax:

Set-MsolPasswordSyncEnabled -EnablePasswordSync $true

Note: Verify that the correct PowerShell module is installed and contains the cmdlet.

Install new Directory Sync tool
Install the new Windows Azure Active Directory Synchronization tool. Installing the new tool requires a “full” sync. Please use the steps in the following article to optimize the initial full sync after upgrading.

Password Synchronization does not replace Single Sign-on or Identity Federation. Token sharing or exchange does not take place between the customer's on-premises environment and Office 365. The Password Sync feature will not synchronize passwords for users with Federated Identities. More precisely, the feature does try to sync those passwords and the FIM client shows “successful”, but the cloud ignores the password reset.
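A pre-flight script for the enable step and the federated-identity caveat above, added here as an example and not taken from Microsoft or the original post. It assumes the Msol cmdlets ship in the MSOnline module and that it is run by a tenant administrator; the cmdlet name is the one given on this page.

```powershell
# Added example: check the module and cmdlet before enabling Password Sync,
# and list federated domains whose users are not affected by synced passwords.
$moduleName = 'MSOnline'                      # assumption: module that ships the Msol cmdlets
$cmdletName = 'Set-MsolPasswordSyncEnabled'   # cmdlet name as given on this page

# 1. Is the module installed at all? Pick the newest copy if several exist.
$module = Get-Module -ListAvailable -Name $moduleName |
    Sort-Object Version -Descending |
    Select-Object -First 1
if (-not $module) {
    throw "Module '$moduleName' is not installed on this machine."
}
Import-Module $moduleName

# 2. Does the installed version contain the cmdlet? Older builds may not.
$cmdlet = Get-Command -Module $moduleName -Name $cmdletName -ErrorAction SilentlyContinue
if (-not $cmdlet) {
    throw "$moduleName $($module.Version) does not contain $cmdletName; install the updated module first."
}

# 3. Sign in to the tenant.
Connect-MsolService -Credential (Get-Credential)

# 4. Report federated domains. Passwords synced for these users are ignored
#    by the cloud even though the sync client reports success.
$federated = Get-MsolDomain | Where-Object { $_.Authentication -eq 'Federated' }
if ($federated) {
    $names = ($federated | Select-Object -ExpandProperty Name) -join ', '
    Write-Warning "Federated domains (synced passwords are ignored for their users): $names"
}

# 5. Enable the feature for the tenant.
Set-MsolPasswordSyncEnabled -EnablePasswordSync $true
```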

According to Microsoft, the Password Synchronization feature is only available with DirSync and is not supported with the Office 365 connector for FIM (which is still not released).