Configure User Passwords to Never Expire in Office365

For large enterprise environments with clearly defined security policies (and helpdesks with plenty of support staff) it makes sense to have users change their passwords every so often. However, if you work in a small office  having Office 365 force you to change your password can be annoying and disruptive, especially if you have many devices connected to the same mailbox.

Through the Office365 Admin panel you can change the “Days before passwords expire” value, but this has a limitation of 730 days. A pretty long time, but still you will have that thought in the back of your mind that one day you’re going to have to deal with updating your password.

O365_pw_never_expire_gui

Fortunately, via Windows PowerShell you can make it so that either a specific user account or all accounts on your Office365 domain will not ever be prompted to reset passwords.

You need these two programs:

Microsoft Online Services Module for Windows PowerShell
32bit – http://g.microsoftonline.com/0BX10EN/230
64bit – http://g.microsoftonline.com/0BX10EN/423

The Microsoft Online Services Sign-In Assistant 7.0
32bit – http://g.microsoftonline.com/0BX00en/500
64bit – http://g.microsoftonline.com/0BX00en/501

Launch PowerShell and execute the following commands in order:

1)
Import-Module msonline
(Import the module)

2)
$cred = Get-Credential
(Create a credential-object stored in the variable $credimp)

3)
Connect-MsolService -cred $cred
(Create a new remote PowerShell connection against the PowerShell endpoint for Office 365)

NOTE: You may receive a warning message, but it is OK to continue, the commands will still work.
WARNING: There is a newer version of the Microsoft Online Services Module.  Your current version will still work as expected, however the latest version can be downloaded at https://portal.microsoftonline.com.

If you want to check if all the users have “Password never expires” setting enabled or disabled run this command:
Get-MSOLUser | Select UserPrincipalName, PasswordNeverExpires

How to enable the “Password never expires” setting for all users:
Get-MSOLUser | Set-MsolUser -PasswordNeverExpires $true

How to enable the “Password never expires” setting for a single user:
Set-MsolUser -UserPrincipalName  <Microsoft Online Services ID> -PasswordNeverExpires $true

To check a single user to see if the “Password never expires” setting enabled or disabled run this command:
Get-MSOLUser -UserPrincipalName <Microsoft Online Services ID> | Select PasswordNeverExpires

To check a single user for not only the “Password never expires” setting, but more in depth information use this command:
Get-MSOLUser -UserPrincipalName <Microsoft Online Services ID> | FL

Optional – You can see / list all available commands by using the following:
Get-Command –Module msonline

O365_pw_never_expire_powers

That’s all you have to do. Just remember that when you create a NEW user, you will need to issue the above commands against that new user account (or the entire domain again) to set the PasswordNeverExpires flag for the new account.

Thanks for reading! Good luck!

Leave a Reply

Your email address will not be published. Required fields are marked *

*