Disable password expiration on Office 365
introduction
By default passwords do expire after a certain amount of days on Office 365. This can be disabled via PowerShell only.
required steps
First of all you’ll need to download and install Microsoft Online Services Sign-In Assistant and the Windows Azure Active Directory Module. Then establish a connection to Office 365 servers. For details see commands below.
After entering $cred=get-credential you’ll be prompted for administrator credentials.
configuration
First connect to Office 365. To do that open PowerShell and paste the following code.
# Setting the execution policy to RemoteSigned. This will allow us to run scripts later Set-ExecutionPolicy RemoteSigned Y # Connecting to O365 Import-Module MSOnline $cred=get-credential Connect-MSOLService -credential $cred
Now that we are connected we can check the password expiration policy for all users.
Get-MSOLUser | Sort-Object DisplayName | Format-Table -Property DisplayName, UserPrincipalName, PasswordNeverExpires -AutoSize # This will result in something similar DisplayName UserPrincipalName PasswordNeverExpires ----------- ----------------- -------------------- Andy Monday [email protected] False Chris Tuesday [email protected] False Frans Wednesday [email protected] False Graham Thursday [email protected] False James Friday [email protected] False Joe Saturday [email protected] False John Sunday [email protected] False Julian Monday [email protected] False Katia Tuesday [email protected] False Keith Wednesday [email protected] False Kim Thursday [email protected] False Lara Friday [email protected] False Matt Saturday [email protected] False Nigel Sunday [email protected] False Phil Monday [email protected] False Richard Tuesday [email protected] False Roger Wednesday [email protected] False Simon Thursday [email protected] False Steve Friday [email protected] False
From here you can see that passwords do expire. To check the password policy for the domain you could run the following command.
# Checking password policy for our domain
Get-MsolPasswordPolicy -DomainName onmicrosoft.com | fl
ExtensionData : System.Runtime.Serialization.ExtensionDataObject
NotificationDays : 14
ValidityPeriod : 730
You can edit the Validity Period and the Notification Days but you cannot turn it off so the best bet is to disable expiration.
# Setting password never to expire for all users
Get-MSOLUser | Set-MsolUser -PasswordNeverExpires $true
verification
Now lets verify if the command worked.
Get-MSOLUser | Sort-Object DisplayName | Format-Table -Property DisplayName, UserPrincipalName, PasswordNeverExpires -AutoSize DisplayName UserPrincipalName PasswordNeverExpires ----------- ----------------- -------------------- Andy Monday [email protected] True Chris Tuesday [email protected] True Frans Wednesday [email protected] True Graham Thursday [email protected] True James Friday [email protected] True Joe Saturday [email protected] True John Sunday [email protected] True Julian Monday [email protected] True Katia Tuesday [email protected] True Keith Wednesday [email protected] True Kim Thursday [email protected] True Lara Friday [email protected] True Matt Saturday [email protected] True Nigel Sunday [email protected] True Phil Monday [email protected] True Richard Tuesday [email protected] True Roger Wednesday [email protected] True Simon Thursday [email protected] True Steve Friday [email protected] True
