If you have not yet implemented any identity protection mechanisms, such as multi-factor authentication (MFA), or to satisfy your company’s security regulations, you should establish a password expiration policy. In that case, this article will interest you. I will explain how to configure a password expiration policy for your cloud identities using PowerShell. Important:
- You must use your global administrator account to perform these steps.
- The password expiration policy applies to all users.
PowerShell Workaround #
First, you need to make sure the MSOnline module is installed on your computer and then imported into your Powershell session. To do that, you should use the following commands.
Install-Module MSOnline Import-Module MSOnline
Once you have imported the module, you are ready to start.
Connect to Azure Active Directory. #
The easiest way to get started is to log in interactively at the command line.
Check the current password policy #
Using the Get-MsolPasswordPolicy cmdlet, you can verify the Password expiration Policy’s current configuration in your tenant or Domain.
Get-MsolPasswordPolicy ` -DomainName Exams500.onmicrosoft.com ` | fl
Important: If you don’t specify the domain, The command gets the tenant password policy.
Set the new password policy #
To set your password policy, you should use the Set-MsolPasswordPolicy cmdlet with the following syntax.
Set-MsolPasswordPolicy ` -DomainName Exams500.onmicrosoft.com ` -ValidityPeriod 90 ` -NotificationDays 14
- -DomainName: If you don’t specify the domain, The command sets the tenant’s password policy.
- -ValidityPeriod: This value represents the days that a password is valid before you must change it.
- -NotificationDays: Specifies the number of days before the password expires that the user will start receiving reminders to update their password.
Microsoft 365 Admin Center #
If you prefer to use the Microsoft admin center portal:
- log in to the admin center with your global administrator account, select the app launcher icon at the top left, and choose Admin.
- Once there, go to settings -> Org Settings.
- In the Security & Privacy tab, click on the Password expiration policy option.
Thanks for reading my post. I hope you find it helpful.
If you want to learn more about password policy recommendations, check out this link.