Cloudpasswordpolicyforpasswordsyncedusersenabled [upd] May 2026

It looks like you’re referencing an setting related to cloud password policy for users with passwords synced from on-premises .

Connect-MgGraph -Scopes "Policy.ReadWrite.AuthenticationMethod" Get-MgPolicyAuthenticationMethodPolicy | Select-Object -ExpandProperty AdditionalProperties Look for: cloudPasswordPolicyForPasswordSyncedUsersEnabled cloudpasswordpolicyforpasswordsyncedusersenabled

Below is you can use — depending on your audience (IT admin, security team, or documentation). 1. Short definition (for docs or KB) Cloud Password Policy for Password Synced Users Enabled When enabled, this setting enforces Microsoft Entra ID password policies (e.g., banned password lists, password expiration, complexity) on users who have their passwords synced from on-premises Active Directory via Entra Connect. Normally, synced users follow on-prem AD policies; enabling this adds a cloud policy layer without changing the on-prem password. 2. Detailed technical explanation Setting name (internal/Microsoft Graph): cloudPasswordPolicyForPasswordSyncedUsersEnabled It looks like you’re referencing an setting related

"authenticationMethodConfigurations": [], "additionalProperties": "cloudPasswordPolicyForPasswordSyncedUsersEnabled": true Short definition (for docs or KB) Cloud Password

PATCH https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy

Specifically, the string: cloudpasswordpolicyforpasswordsyncedusersenabled maps to a setting in or Entra ID protection policies that determines whether cloud-based password policies (like Entra ID password protection) are applied to users whose passwords originate from on-prem Active Directory.