Free EditionMicrosoft 365 offers admins the option of setting the Azure AD password to never expire. Password expiration used to be considered crucial to an organization's security, but NIST's latest guidelines state that setting passwords to never expire increases security.
Organizational policies might consequently need to change such that their passwords, be it on-premises AD or Azure AD, are set to never expire as part of their domain password policy.
This cannot be done via the Azure AD admin portal. You will have to use the Microsoft 365 admin center or PowerShell to set Azure AD users' passwords to never expire. You will also need to use an Azure AD global administrator account to achieve this. In this document we'll be seeing how to set an individual user's password as well as the entire domain's user passwords to never expire.
Important: You need Global Admin or Password Administrator privileges on Azure AD to perform this action.
Update-MgUser -UserId <user ID> -PasswordPolicies DisablePasswordExpiration
NIST also recommends that organizations use lengthy passwords from eight to 64 characters long. Organizational policies will determine the password complexity. Passphrases are also recommended, as not only are they difficult to crack but also easier to remember.
An easier way to apply complex password policies across an organization is using ManageEngine ADSelfService Plus, an identity security solution with MFA, self-service password management, and SSO capabilities. Its Password Synchronization feature allows users to change their Microsoft 365 password and synchronize it with all connected accounts, including AD, Salesforce, and Zendesk.
ADSelfService Plus' Password Policy Enforcer allows organizations to set advanced password policies that are more secure than the default AD domain and fine-grained password policies. This feature enables a high degree of password complexity or complex passphrases, ensuring peace of mind even when passwords are set to never expire in Azure AD and other SSO Enterprise applications.
If organizational policies determine that password expiry must be retained, ADSelfService Plus' Password Expiration Notifier tool helps IT admins notify users about their expiring AD domain passwords.
IT admins receive the flexibility to choose email, SMS, or push notifications, and can set the notification frequency according to their organization's requirements.
Notify users of impending password expiration and ensure uninterrupted access.
Download a free trial now! Request demoNeed further assistance? Fill this form, and we'll contact you rightaway.
Allow Active Directory users to self-service their password resets and account unlock tasks, freeing them from lengthy help desk calls.
Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications using their Active Directory credentials.
Intimate Active Directory users of their impending password and account expiry via email and SMS notifications.
Synchronize Windows Active Directory user passwords and account changes across multiple systems automatically, including Microsoft 365, Google Workspace, IBM iSeries, and more.
Strong passwords resist various hacking threats. Enforce Active Directory users to adhere to compliant passwords by displaying password complexity requirements.
Enable Active Directory users to update their latest information themselves. Quick search features help admins scout for information using search keys like contact numbers.
