Forum Discussion

GV IT's avatar
GV IT
Brass Contributor
Sep 17, 2017
Solved

set password expiry in O365

can i set password expiry for certain select group of users to get them to change their password regularly ? currently, the system policy is set to 180 days expiry date. but we noticed that some us...
office 365
Aljohn Bonifacio's avatar
Aljohn Bonifacio
Steel Contributor
Sep 18, 2017

If you set password expiry in O365, it will apply to all users. What you need to do to exempt is to set individual users password to never expire. You can do this via Powershell: https://support.office.com/en-us/article/Set-an-individual-user-s-password-to-never-expire-f493e3af-e1d8-4668-9211-230c245a0466

 

Also, you can set all users first to never expire,

Get-MSOLUser | Set-MSOLUser -PasswordNeverExpires $true

then change individually selected users to password that expires.

Set-MSOLUser -UserPrincipalName <alias> -PasswordNeverExpires $false

 

Deleted's avatar
Deleted
Jul 13, 2018
Is possible to set password expired and not PasswordNeverExpires for single user?
  • Nestori Syynimaa's avatar
    Nestori Syynimaa
    MVP
    Jul 15, 2018

    You can set the password to never expire for a single user using the following PowerShell command:

    Set-MsolUser -UserPrincipalName <your user> -PasswordNeverExpires $true

    To force a single user to change the password during the next login, use the following command:

    Set-MsolUserPassword -UserPrincipalName <your user> -ForceChangePassword $true

    Please note that these commands only affects the users whose passwords are in the cloud. I.e. you are not using password hash sync, federated identity, passthru authentication, etc.  

    • Deleted's avatar
      Deleted
      Jul 16, 2018

      Ok, thank you very much. 

      I have a hybrid configuration in the company. Users on premise with ADSync synchronization in Office 365 and users who only have cloud mail in O365.
      I need to set the GPOs for password expiration in active directory and also expire users who are on the cloud. By setting the password expiration on the cloud, do I conflict that the gpo I have set in active directory?
      I understand that cloud users take the password expiration rule from Office 365, in the security and privacy section, while an on-premise user who has the GPOs in AD set, also acquires the password expiration rules that are in O365?

       

      • Nestori Syynimaa's avatar
        Nestori Syynimaa
        MVP
        Jul 16, 2018

        Do you have also the password sync enabled? If so, all password policies are managed in on-prem AD and O365 expiration rules etc. do not apply for synced users.