New in Specops Password Policy 7.7 – Improved Password Expiry Emails and More

Today we’ve released the latest update to our Active Directory password management solution, Specops Password Policy 7.7.

This release includes improved intervals for password expiration reminder emails, as well as new functionality for sending test emails and selecting specific domain controllers for configuration and user counting.

Let’s take a look at what some of these changes look like.

Customize When Password Expiration Reminder Emails Are Sent

Reminding users of expiring passwords is an important part of reducing the burden on your service desk. When a user changes their password ahead of their expiry date, that is one less expensive call to your overworked IT staff.

Prior to this release, when password expiry reminder emails were configured in Specops Password Policy, they were sent every day. With this release, admins can configure custom intervals (e.g., 1, 3, 5 days out from expiry)

customization-password-expiration-reminder-email
The field next to ‘Send email notification (days before expiration)’ can be customized to any frequency. The numbers shown are counts of days out from the user’s password expiration date. The above screenshot shows a policy where users would receive reminder emails 7, 5, 3, 2 and 1 day(s) out from their password expiration dates.

If you’re wondering how many of your passwords are expiring soon, you can quantify that burden with the Expiring Passwords report in a free scan with Specops Password Auditor.

We recommend including instructions on how to change or reset their passwords in the expiry reminder email. Customers with Specops uReset can include a direct link to the self-service reset platform for their users in the email.

Preview and Test Expiry Reminder and Breached Password Notification Emails

Specops Password Policy supports using email for notifications about compromised passwords and upcoming password expirations. With this release, admins can now send test emails right from within the policy they are editing. These test sends allow admins to preview those emails as well as test that the send configuration works as expected.  

Configuring the test email send for password expiry reminders in Specops Password Policy. Success or failure messages will appear in the box below the Send button.
Configuring the test email send for compromised password notifications in Specops Password Policy. Emails for both the Express List and the Complete API check can be previewed and tested. Requires Specops Breached Password Protection. This screenshot shows an example of an error message after hitting the test email Send button that can help an admin troubleshoot configuration issues.

Previewing and testing expiration reminder emails and breached password notification emails can be especially helpful when deploying new policies or making changes to an existing one. If your organization has the Specops Breached Password Protection service configured, try testing the compromised password notification email ahead of the next time you update the Express list.

New Security Group Option to Support Least Privilege Password Policy Administration

This release introduces a new, optional, Specops Password Policy Admins security group. This optional group will be empty by default but can be configured to grant rights to a set of users to administrate most password policy settings without being domain administrators. Actions that require domain admin privileges, such as creating new GPOs, will not be available to this group.

The optional Password Policy Admins security group is available in Domain Settings.

This new optional group helps organizations with larger teams who want to share password policy administration tasks while following least privilege security best practices.

Organizations who choose not to configure this group can continue to just rely on domain admin permissions.

More improvements and fixes

More improvements and fixes including more domain controller selection options, improved encryption for the Arbiter Web API and more can be found in the release notes.

If you are an existing Specops Password Policy customer, you can find upgrade instructions here. If you have questions about upgrading, please contact support.

Note: customers on Specops Password Policy 7.4 or earlier will need to contact support for guidance before upgrading.

See how Specops Password Policy can help

If you’re interested in seeing a demo of the latest Specops Password Policy, have questions about how you can block over 4 billion compromised passwords with Breached Password Protection, or are looking to add a self-service password reset option to your password expiration emails, contact us.

(Last updated on December 19, 2022)

Back to Blog