Hi,
Currently Keycloak is not exposed directly to our customers, hence all user operations are
being done in our application background using the admin API.
We noticed that when changing a user's password from the admin API the password policy is not
enforced, for example when setting a password history policy.
Can you please advise if it is by design?
If so, do you have any suggestion how to handle the password policy in our case (using the
admin API we can't get the user's current or previous passwords)?
Thanks,
Haim.