# Check the value $Setting.Values | Where-Object $_.Name -eq "CloudPasswordPolicyForPasswordSyncedUsersEnabled"
By default, when a user is synchronized from on-premises AD to Entra ID, Microsoft assumes that the authoritative password policy resides in the on-premises environment. cloudpasswordpolicyforpasswordsyncedusersenabled
Look for: cloudPasswordPolicyForPasswordSyncedUsersEnabled # Check the value $Setting
# If the setting exists, update it if ($Setting) Update-MgDirectorySetting -DirectorySettingId $Setting.Id -Values @(@Name="CloudPasswordPolicyForPasswordSyncedUsersEnabled"; Value="True") cloudpasswordpolicyforpasswordsyncedusersenabled
The tenant feature controls whether Microsoft Entra ID enforces native cloud password policies for hybrid users.
The setting CloudPasswordPolicyForPasswordSyncedUsersEnabled is a directory-level configuration that enforces Microsoft Entra ID password policies on synchronized users, overriding the legacy default behavior where cloud policies were ignored for these accounts.
Load your own files: Visit webview.exocad.com for our free web-based 3D file viewer.
Dedicated mobile apps are also available for Android and iOS.