Categories: Business & Tech News

SOLVED: How To Set Azure / M365 User Accounts To Not Expire

If your company is anything larger than tiny and you are using Microsoft Office 365 or Azure, you will almost certainly run into a situation in which you want to a few user account set to not expire. Perhaps they are service accounts, or they are accounts that contractors rarely use.

Why Microsoft Says User Passwords Should NOT Expire

You might be surprised to find that Microsoft’s official position is that you should not have your Microsoft 365 or azure accounts expire:

Password expiration requirements do more harm than good, because these requirements make users select predictable passwords, composed of sequential words and numbers that are closely related to each other. In these cases, the next password can be predicted based on the previous password. Password expiration requirements offer no containment benefits because cybercriminals almost always use credentials as soon as they compromise them.

https://learn.microsoft.com/en-US/microsoft-365/admin/misc/password-policy-recommendations?view=o365-worldwide&WT.mc_id=365AdminCSH_inproduct#password-expiration-requirements-for-users

How to Set ALL Microsoft Office User Account Passwords To Expire or Not

  1. Sign into https://portal.office.com
  2. Click the ADMIN link (bottom of the left rail)
  3. Click SHOW ALL (on the left menu)
  4. Expand SETTINGS
  5. Click ORG SETTINGS
  6. Click SECURITY & PRIVACY tab along the top
  7. Click PASSWORD EXPIRATION POLICY
  8. Click the SET PASSWORDS TO NEVER EXPIRE checkbox
  9. Set the number of days between password resets

How To Set a Specific Microsoft User Account to Not Expire

  1. Open a PowerShell (or Windows Terminal) as an Administrator
  2. Enter
    Install-Module MSOnline
  3. Enter
    Connect-MsolService
  4. Sign in to the Microsoft Office 365 / Azure account
  5. OPTIONAL: Enter
    Get-MsolUser -UserPrincipalName User@EmailAddress.com
    • This will display some user account information
  6. Enter
    Set-MsolUser -UserPrincipalName User@EmailAddress.com -PasswordNeverExpires $true
  7. Enter
    $user = Get-MsolUser -UserPrincipalName "user@domain.com" | Select-Object UserPrincipalName, PasswordNeverExpires, WhenCreated, LastPasswordChangeTimestamp
    $user
    • This will display when the account was created, when the password was last changed, and if it is set to not expire
Leave a Comment
Published by
Ian Matthews
9 months ago

This website uses cookies.