Office 365: Configuring User Passwords to Never Expire

One of the questions that we are most frequently asked is regarding users or administrators who subscribe to Office 365 but who are tired of receiving Office 365 password expiration notifications. These users might not be used to the service’s default password expiration policy, especially if they are coming from in-house systems that had more lenient expiration requirements. Although I am not entirely convinced that setting passwords to never expire is smart, if you choose secure passwords and use multifactor authentication, I do not think that disabling password expiration in Office 365 causes major difficulties.

Configuring Using PowerShell

As always, good old PowerShell can come to the rescue. First off, set yourself up to connect to the service through PowerShell remoting. If you have not done this yet, you will need two pieces of software: the Microsoft Online Services Sign-In Assistant for IT Professionals RTW (yes, that’s the official name) and the Azure Active Directory Module for Windows PowerShell.

  1. Install both programs.
  2. Open up a PowerShell command session and type in “Connect-MsolService”.
  3. Enter your credentials at the prompt.
  4. Once you are successfully authenticated, enter the following command to set a user’s password to never expire:
Set-MsolUser -UserPrincipalName <fullemailaddress@yourdomain.com> -PasswordNeverExpires $true

If you know a little bit about PowerShell, then you know that, if the verb in a command is “Set,” you can also use “Get” to retrieve information or properties about a certain object. In this case, you can use “Get-MsolUser” to see if the user’s password has already been configured to never expire; to do so, you use the following command, which selects the attribute to display in response to our command:

Get-MsolUser -UserPrincipalName <fullemailaddress@yourdomain.com> | Select PasswordNeverExpires

You can extrapolate from this command to see the password expiration statuses of all users in your tenant using the following command:

Get-MSOLUser | Select UserPrincipalName, PasswordNeverExpires

You can also combine these commands to set the passwords for all users in your tenant to never expire; this is done using the pipelining feature of PowerShell. Here, you get a list of users from “Get-MsolUser” and then pipe that information to “Set-MsolUser,” omitting the specific reference to names (as those will be fed into the new command from the pipeline) and leaving the attribute configuration the same:

Get-MsolUser | Set-MsolUser –PasswordNeverExpires $true

Configuring Using the Graphical User Interface

If you’re afraid of the PowerShell command line, here are two pieces of advice. First, do not fear it, for it is your friend. Second, know that there is also a way to disable password expiration from the web-based Office 365 administration console. You will need to have administrator credentials for this.

  1. Sign in at https://portal.office.com/adminportal/home.
  2. From the Settings menu, select “Security and privacy,” and then click “Edit.”
  3. Under “Password policy,” click the box hat says “Set user passwords to never expire.”

Follow these steps and you will not be annoyed by Office 365 password expiration notification emails any more.

Check out my previous post to learn a few rules that should be helpful when ensure Office 365 password policy security.

In case you can’t change password policy to never expire try Password Expiration Notifier, a free tool that automatically reminds users to change their passwords before they expire.

What password expiration policy do you have in your organization?