Enzoic for Active Directory works wherever the password is being set or changed. When rejected, the user is notified via the standard Windows message that a password does not pass domain policies (e.g. “The value provided for the new password does not meet the length, complexity, or history requirements of the domain”). If the change request has come from a third-party service (e.g. IAM platform), that service receives the standard Windows notification and displays accordingly.

However, with that said, we do have an optional workstation client. This client acts like a credential provider on end user workstations, and will provide hints to assist with password changes (see screenshot below). For more information see the Client Setup Instructions in our Enzoic Tech Docs.