New in Specops Password Policy 7.7 – Improved Password Expiry Emails and More
Today we’ve released the latest update to our Active Directory password management solution, Specops Password Policy 7.7.
This release includes improved intervals for password expiration reminder emails, as well as new functionality for sending test emails and selecting specific domain controllers for configuration and user counting.
Let’s take a look at what some of these changes look like.
Customize When Password Expiration Reminder Emails Are Sent
Reminding users of expiring passwords is an important part of reducing the burden on your service desk. When a user changes their password ahead of their expiry date, that is one less expensive call to your overworked IT staff.
Prior to this release, when password expiry reminder emails were configured in Specops Password Policy, they were sent every day. With this release, admins can configure custom intervals (e.g., 1, 3, 5 days out from expiry)
If you’re wondering how many of your passwords are expiring soon, you can quantify that burden with the Expiring Passwords report in a free scan with Specops Password Auditor.
We recommend including instructions on how to change or reset their passwords in the expiry reminder email. Customers with Specops uReset can include a direct link to the self-service reset platform for their users in the email.
Preview and Test Expiry Reminder and Breached Password Notification Emails
Specops Password Policy supports using email for notifications about compromised passwords and upcoming password expirations. With this release, admins can now send test emails right from within the policy they are editing. These test sends allow admins to preview those emails as well as test that the send configuration works as expected.
Previewing and testing expiration reminder emails and breached password notification emails can be especially helpful when deploying new policies or making changes to an existing one. If your organization has the Specops Breached Password Protection service configured, try testing the compromised password notification email ahead of the next time you update the Express list.
New Security Group Option to Support Least Privilege Password Policy Administration
This release introduces a new, optional, Specops Password Policy Admins security group. This optional group will be empty by default but can be configured to grant rights to a set of users to administrate most password policy settings without being domain administrators. Actions that require domain admin privileges, such as creating new GPOs, will not be available to this group.
This new optional group helps organizations with larger teams who want to share password policy administration tasks while following least privilege security best practices.
Organizations who choose not to configure this group can continue to just rely on domain admin permissions.
More improvements and fixes
More improvements and fixes including more domain controller selection options, improved encryption for the Arbiter Web API and more can be found in the release notes.
Note: customers on Specops Password Policy 7.4 or earlier will need to contact support for guidance before upgrading.
See how Specops Password Policy can help
If you’re interested in seeing a demo of the latest Specops Password Policy, have questions about how you can block over 4 billion compromised passwords with Breached Password Protection, or are looking to add a self-service password reset option to your password expiration emails, contact us.
(Last updated on December 19, 2022)