Microsoft 365: How to Set the Password to Never Expire?

In the ever-evolving world of cybersecurity, password management is crucial. One common practice is to enforce regular password changes to protect user accounts periodically. While this may seem like a good security measure, it can be quite frustrating to keep up with, and frequent password changes lead to weak passwords, as people tend to choose easy-to-remember passwords that are easy to guess or crack. Microsoft 365, a popular suite of productivity tools, allows administrators to set user passwords to never expire. Setting passwords to never expire ensures that users choose strong passwords and reduces the risk of data breaches.

Office 365 has built-in password policies that dictate how often users are required to change their passwords. By default, the password expiration is disabled. This blog post will explore maximizing your security by setting the Office 365 password to never expire using Microsoft 365 Admin Center and Azure AD PowerShell.

Benefits of Setting Your Office 365 Password to Never Expire

By setting your Office 365 password to never expire, you can reap several benefits. Firstly, you can ensure that your employees are using strong and secure passwords. When employees aren’t forced to change their passwords frequently, they are more likely to choose complex and unique passwords that are difficult to guess or crack. Secondly, you can reduce the risk of cyberattacks. Strong passwords are more difficult to crack, and by setting your password to never expire, you reduce the likelihood of weak or common passwords being chosen. Lastly, you can save time and increase productivity. By not having to change passwords frequently, employees can focus on their work instead of having to remember and reset passwords.

Configure Password Policy with Microsoft 365 Admin Center

One of the most crucial steps to safeguard your data is to set a strong password. However, frequently changing passwords can be a hassle, and it is easy to forget to do so. Fortunately, Office 365 offers a solution to this problem: Setting the password expiry! Let’s see how to turn off password expiration in Office 365 at the tenant level.

To set passwords to never expire at the domain level using the Microsoft 365 Admin Center, follow these steps:

1. Sign in to the Microsoft 365 Admin Center as global admin: Navigate to https://admin.microsoft.com and sign in with your admin credentials.
2. Click “Settings” in the left-hand menu, then click “Org settings.”
3. Under the “Security & privacy” tab, click on “Password expiration policy.” This will open a properties panel where you can modify the password expiration settings. Check the box next to “Set user passwords to never expire (recommended)”.

   

4. Click “Save” to apply the changes.

This sets the passwords to never expire for all users in your organization. This feature is especially useful for organizations that prefer to enforce their security policies or for users who find frequent password changes inconvenient.

Microsoft 365: Disable Password Expiration using PowerShell

While the above steps disable the password expiration for all users in the organization, it’s not possible to set the password expiration policy only for a particular user through the Office 365 admin center! Fortunately, there’s a way to disable password expiration in Microsoft 365 using PowerShell.

To set passwords to never expire for specific accounts using Azure AD from Windows PowerShell, follow these steps:

1. Install the AzureAD module: First, you need to have the AzureAD PowerShell module installed. To do this, open an elevated PowerShell window and run the following command:

Install-Module -Name AzureAD

2. Connect to your Azure AD tenant: To connect to your tenant, run the following command and provide your admin credentials when prompted:

Connect-AzureAD

Make sure you have Windows Azure Active Directory Module installed. More on installing and connecting to Azure AD from PowerShell is here: How to Connect to Azure AD using PowerShell?

3. Set passwords to never expire: To set the password policy for a single user, replace the ObjectID parameter <UserPrincipalName> with the user’s email address:

Set-AzureADUser -ObjectId Salaudeen@Crescent.com -PasswordPolicies DisablePasswordExpiration

To set passwords to never expire for all users, execute the following command:

Get-AzureADUser -All $true | Set-AzureADUser -PasswordPolicies DisablePasswordExpiration

4. Verify your changes: You can confirm that the password policies have been updated with the following command:

Get-AzureADUser -ObjectId <UserPrincipalName> | Select-Object -ExpandProperty PasswordPolicies

If the password policy has been set to never expire, you should see “DisablePasswordExpiration” in the output.

Set a password to expire: To set the password of a user to expire, run the following cmdlet

Set-AzureADUser -ObjectId Salaudeen@Crescent.com -PasswordPolicies None

Set Password Never Expires using Azure Ad PowerShell Module V1

To set an individual user password to never expire, type the following PowerShell cmdlets, replacing the username “Salaudeen@Crescent.com” with the user’s email address:

#Get Credential to connect
$Credential = Get-Credential

#Connect to Microsoft Online service
Connect-MsolService -Credential $credential

#Disable Password expiration
Set-MsolUser -UserPrincipalName Salaudeen@Crescent.com -PasswordNeverExpires $true

This may benefit users who prefer having a single, strong password for an extended period.

How to Set Password to Never Expire in Office 365 using Graph API

As Microsoft recently announced that MSOL and AzureAD PowerShell modules would be deprecated, let’s use the Microsoft Graph API to set the password expiration policy for a user account.

#Connect to Microsoft Graph
Connect-MgGraph -Scopes "User.ReadWrite.All"

#Get the User by user id - UPN
$User = Get-MgUser -UserId "IsaiahL@crescent.com"

If($User.PasswordPolicies -ne "DisablePasswordExpiration")
{
    #Set pasword to never expire
    Update-MgUser –UserId $User.Id -PasswordPolicies DisablePasswordExpiration
    Write-host "Password set to Never Expire!" -f Green
}
Else
{
    Write-host "Password Expiration is already disabled!" -f Yellow
}

You can use a CSV file if you want to set this property in bulk!

Best Practices for Password Security

While setting passwords to never expire is a great way to ensure password security, it is not the only step you should take. Here are some best practices for password security:

1. Use a strong password: A strong password should be at least eight characters long and include a combination of uppercase and lowercase letters, numbers, and special characters.
2. Do not reuse passwords: Using the same password for multiple accounts increases the risk of a data breach.
3. Enable multi-factor authentication (MFA): Multi-factor authentication adds an extra layer of security to your account by requiring a second form of identification, such as a fingerprint or a code sent to your phone.
4. User Education: Ensure your employees understand the importance of password security and how to create strong and secure passwords.

Conclusion

Setting passwords to never expire is a great way to ensure password security in Office 365 and can save you time and effort. It reduces the risk of data breaches and ensures that users choose strong passwords. Setting passwords to never expire in Microsoft 365 can be achieved through Azure AD PowerShell and the Office 365 Admin portal. While both methods are effective, Azure AD PowerShell provides more flexibility and control over individual users and bulk changes. Disabling password expiration in Microsoft 365 is a simple process that can save you a lot of frustration in the long run. Remember to also follow best practices for creating a strong password and using multifactor authentication to further enhance security.