Navigating BPOS Required Password Changes

Since InfusionPoints began using Microsoft Online Services (MOS) Business Productivity Online Suite (BPOS), we have noticed that navigating the required password changes can be a bit tricky. Once a password had been changed, we would have a variety of problems, from the mobile device not accepting the new password, to the Outlook client prompting for the password or refusing to connect to Exchange. After some investigation, we found that others were also having this problem.

After some diagnosis and research, we found that the problem stems from an account lockout policy. From Microsoft Online Services Help and How-to page on User Passwords:

Microsoft Online Services uses an account lockout policy to help protect the accounts of service administrators and end users. The user can try to sign in to the Administration Center or the Sign In application five times. After five failed attempts with an invalid user name or an incorrect password, users are locked out for 15 minutes.

Microsoft names the policy being relevant to the Administration Center and Sign In application. However, if the lockout policy is implemented in the directory, then it would be enforced regardless of the origin of the login attempt. What we believe was happening is that users would change their password, and before the new password could be configured everywhere it might be used, (including Communicator, Outlook, Mobile Devices, IMAP, POP, etc.) some combination of those applications and devices would already have made 5 connection attempts with the old (now incorrect) password and lock the account for up to 15 minutes. This would lead to further confusion, as the user might assume the password change did not take effect for some reason. They would then try the old password instead which now also does not work due to the lockout condition.

If this was indeed the cause of the problem, then we could infer that to avoid this issue, the new password would need to be configured everywhere it is used immediately after being changed to avoid the lockout. This led us to create the following procedure for our users which has – in fact – resulted in far fewer issues during password changes in MOS.

BPOS Password Change Procedure

1. Close Microsoft Office Communicator – Right click on Communicator in system tray > exit.

1. Close all open Outlook 2010 Windows.
2. In the MOS Sign In Application, click the Options Tab. Ensure that all Check Boxes under sign-in preferences are checked.

1. Click "Change Password." **IMPORTANT** Do not click "Save" until step 7.
2. Enter your old password and new password as prompted. **IMPORTANT** Do not click "Save" until step 7.

1. On each mobile device configured for Exchange, open the settings dialog for mail and enter the new password. **IMPORTANT** Do not click "Done" until step 8.
   An iOS example is shown below.

1. In the MOS Sign In App. Click "Save" to change the password. You will receive a prompt from the system tray that your password was successfully changed.
2. Once you receive the prompt that your password has been changed, immediately click "done" on your mobile devices.
3. Re-open Outlook and Microsoft Office Communicator.