Set Azure AD password to never expire

I use Office 365 for my family’s e-mail and document storage, but they are not keen on regularly changing passwords – the IT department receives a lot of hassle Smile

Although the UI does not allow for the passwords to be set to never expire, PowerShell does.

First off, we can get the status of all users:

#See the status of all users
Connect-MsolService;
Get-MsolUser | Select UserPrincipalName, PasswordNeverExpires;

Or we can get the status of a specific user:

#See the status of a specific user
Connect-MsolService;
Get-MsolUser -UserPrincipalName <user id>| Select UserPrincipalName, PasswordNeverExpires;

The <user id> value is the identity that the user uses to log in, e.g. username@domain.com or username@tenant.onmicrosoft.com.

We can get all users who have a password set to expire:

#Get all users with passwords set to expire
Connect-MsolService;
Get-MsolUser | where {$_.PasswordNeverExpires -eq $false} | Select UserPrincipalName;

We can change all users with passwords set to expire:

#Change all users to have passwords that never expire
Connect-MsolService;
Get-MsolUser | where {$_.PasswordNeverExpires -eq $false} | Set-MsolUser -PasswordNeverExpires $true;

Or change only one user:

#Change one user to have a password that never expire
Connect-MsolService;
Get-MsolUser -UserPrincipalName <user id> | Set-MsolUser -PasswordNeverExpires $true;

So in short, where the UI in Azure AD does not offer us the capability to manage users in relation to the expiry of their passwords, PowerShell does.

Leave a Reply

Your email address will not be published.