Q. What is password roll-over for Azure AD applications?
A. Azure AD has a large gallery of applications that can be used with Azure AD tenants. Some of these applications support true federation and have APIs to create objects where needed, while others do not. For those that do not, Azure AD caches a credential for the application, set either by the user or by the administrator on the user's behalf. This removes the need for users to know the password, which is useful for corporate social media accounts and so on. A typical pain point is that someone still knows the password, and static passwords that never change are never a good idea. Azure AD has introduced automatic password rollover for certain applications, such as Twitter and Facebook. When assigning users to an application that supports automatic password rollover, if the option for the administrator to specify the credentials is set, an option to enable automatic password rollover is also available, as shown. If it is enabled, the frequency of rollover can also be set, and at that interval Azure AD automatically changes the password to a new random, complex password. This works in a similar way to managed service accounts in Active Directory.