We have Azure Active Directory sync set up for an in-house domain to sync with Office 365 user accounts, so that passwords are the same for the domain and the Office 365 account.
Laptops are initially joined to the domain, and users use the WatchGuard SSL VPN client to connect to the domain. We have a group policy under which passwords expire every 90 days. If you're in-house it's easy: you are prompted to reset your password when signing into the domain and all works well. This updates the Office 365 password as well, so both the Windows domain and Office 365 passwords are the same.
Outside the office, a laptop user signs into the laptop, then runs the VPN client to connect to the network, and is not prompted to change the password. This causes issues with mapped network drives and a client-server app that is looking for the user to change the password.
Any suggestions on the best way to do this? They can reset their Office 365 password and that syncs to the domain. SSPR is enabled for the user accounts. Is that the answer, and what is the best method to invoke the password change? Or do we need to change from Active Directory Sync to federated, or???
Thanks in advance, hopefully that all makes sense.
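The root of the problem described above is that a cached-credential logon on the laptop never talks to a domain controller, so the "your password expires in N days" prompt never fires; it only appears once the VPN is up and something queries the DC. The script below is an added example, not part of the original post or any WatchGuard or Microsoft tooling: run on a domain-joined laptop after the VPN connects (for instance from a logon script or scheduled task), it asks the reachable DC for the user's computed expiry time and warns them to change the password while the tunnel is still up. The warning threshold and the wording of the message are assumptions.

```powershell
# Added example (not from the original post). Requires a reachable domain controller,
# i.e. run it after the VPN tunnel is established. Threshold is an assumption.
param([int]$WarnDays = 14)

# Constructed attribute: the DC computes it from pwdLastSet and the effective password
# policy, so the 90-day default and any fine-grained policy are both honoured.
$attr = 'msDS-UserPasswordExpiryTimeComputed'

# DirectorySearcher defaults to the joined domain's naming context; no RSAT needed.
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.Filter = "(&(objectCategory=person)(sAMAccountName=$env:USERNAME))"
[void]$searcher.PropertiesToLoad.Add($attr)

try {
    $result = $searcher.FindOne()
} catch {
    Write-Warning "Could not query the domain (is the VPN connected?): $($_.Exception.Message)"
    exit 1
}
if (-not $result) {
    Write-Warning "No domain account found for $env:USERNAME"
    exit 1
}

$raw = [int64]$result.Properties[$attr][0]
# 0 or Int64.MaxValue means the password never expires (e.g. PasswordNeverExpires set).
if ($raw -eq 0 -or $raw -eq [int64]::MaxValue) {
    Write-Output "Password for $env:USERNAME never expires."
    exit 0
}

$expires  = [DateTime]::FromFileTime($raw)
$daysLeft = [math]::Floor(($expires - (Get-Date)).TotalDays)

if ($daysLeft -lt 0) {
    # Already expired: the cached logon still worked, but DC-backed resources will fail.
    Write-Warning "Password expired on $expires. Press Ctrl+Alt+Del > Change a password NOW while the VPN is connected."
    exit 2
}
elseif ($daysLeft -le $WarnDays) {
    Write-Warning "Password expires in $daysLeft day(s) ($expires). Press Ctrl+Alt+Del > Change a password while the VPN is connected."
    exit 3
}
else {
    Write-Output "Password OK: expires in $daysLeft day(s) ($expires)."
    exit 0
}
```

The non-zero exit codes let a scheduled task or the VPN client's post-connect hook decide whether to pop a notification. Changing the password from Ctrl+Alt+Del only works while the DC is reachable, which is exactly the window the VPN provides; a change made that way is then picked up by the Azure AD Connect password hash sync cycle like any in-office change, so no move to federation is implied by this approach.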