Set Passwords to Never Expire in Office 365 Using PowerShell
Just don’t do it!
However, there may be some cases where you are asked to break company policies and set an account to never expire. In smaller organizations this usually comes from the business owners or managers but try and resist for their own good and explain the security risks involved. When ever possible, compromise and come up with a suitable password policy for the business to use.
You could set the following password policy:
- Changes every 90 days
- 8 Characters long
- Include upper and lower case
- Include at least one number
- Include a special character such as a full stop
If you don’t know how to connect PowerShell to your Office 365 account, read this first then come back:
If you really need to set an account to never expire then you use the Get-MsolUser cmdlet and pipe the user object into the Set-MsolUser command to set the PasswordNeverExpires attribute to $True but you can always change it back by running the command again specifying $False.
In this example we set my account to never expire:
Get-MsolUser –UserPrincipalName firstname.lastname@example.org | Set-MsolUser –PasswordNeverExpires $True
If you really, really have to you can set all user passwords in Office 365 to never expire by running the cmdlet as follows:
Get-MsolUser | Set-MsolUser –PasswordNeverExpires $True
I urge you to never set passwords to never expire unless they are system accounts used with services such as AD Connect used to synchronise Active Directory. If you’re forced to do this, then at least ensure there is a suitably complex password policy in place.
Subscribe to the blog if you want to see my future tips, each week we I’ll post useful commands and scripts for you to learn from and experiment with.
If you want to learn more you can buy my book from Amazon, either the paper back or kindle version. My advice is to buy the paperback version so you can keep it on your desk for easy reference!