Password compliance reports SM7242 (probably public beta too?)
Problem reported by Sébastien Riccio - 1/28/2020 at 7:02 PM

We recently had some compromised accounts due to crappy passwords and in order to inform all our users having old insecure passwords so they update their password, we tried to use the Password compliance report.

However the report and export is empty.

I'm sure we have a lot of users that aren't compliant with the requirements we've set. Is the report broken ?

Kind regards

2 Replies

Reply to Thread
Sébastien Riccio Replied
Okay, maybe it's because of the setting:

Skip enforcement for existing passwords - Select this option to allow changes to the password requirements to only affect new users or new passwords.

It is currently enabled so that's maybe why the report shows nothing. I don't really understand what the setting is supposed to do. 

If I disable it, will it affect users with non-compliant password ? Or it is just for the report ?

Kind regards.
Sébastien Riccio Replied
After playing a bit with this I came to the conclusion that to see existing password that are not compliant you must disable "Skip enforcement for existing passwords "

However when you do this, it also forces the users to change their password when they logs into the webmail.

We do not want (yet) to force them to change the password, but only have an overview of current accounts with bad passwords.

Reply to Thread