Related features:

Related Powershell Guides:

How to: Office 365 password policy management with PowerShell

The PowerShell scripts given below can be used for Office 365 password policy management. ADSelfService Plus, the Active Directory self-service password management and single sign-on solution, provides advanced password policy settings that could be applied for both on-premises and cloud applications including Office 365, G Suite, etc. By integrating Active Directory with Office 365, ADSelfService Plus helps IT admins apply one custom password policy for users Office 365 and Windows Azure AD cloud accounts.

The following is a comparison between password policy management in Office 365 with Windows PowerShell and ADSelfService Plus:

With PowerShell
  • Modify the password policy for Office 365 users

    Using PowerShell, only the maximum password age can be modified. Other password policy settings cannot be managed using PowerShell.

    Set-MsolPasswordPolicy -DomainName <Domain Name> –ValidityPeriod <Number Of Days>
  • Set the password to never expired for Office 365 users
    Set-msoluser –UserPrincipalName <UserPrincipalName> -PasswordNeverExpires $True
With ADSelfService Plus
  • Configure a custom password policy for Office 365 accounts via the Password Policy Enforcer
    • Go to ADSelfService Plus admin portal.
    • Navigate to Configuration > Self-Service > Password Policy Enforcer.
    • Enable Enforce Custom Password Policy.
      Steps to enable a custom password policy for Microsoft 365 using ADSelfService Plus
    • Configure the required advanced password policy settings.
    • Click Save.
  • Configure password expiration alerts via SMS, email, and push notifications
    • Go to Configuration > Password Expiration Notifier.
      Steps to configure password expiration notifications using ADSelfService Plus
    • Enter the Scheduler Name and select the Notification Type.
    • Select the domains, OUs, or groups for which you want to send alerts.
    • From the Notify via drop-down, select the medium (SMS and/or email) through which you want to send notifications.
    • Set the Schedule Time and configure the Notification Frequency as:
      • Daily
      • Weekly
      • Weekly
    • Click Save.

Benefits of ADSelfService Plus

  • Password self-service: Allows users to perform self-service password reset on their Active Directory and Office 365 accounts.
  • Improves IT security: Provides advanced multi-factor authentication including biometrics and QR-code authentication self-service password reset.
  • Universal enforcement: Admins can enforce custom password management capabilities for users' Office 365 accounts.
  • Improves the user experience: Allows users to reset Office 365 passwords from a secure web-portal, from anywhere, at any time.

Using PowerShell to change Office 365 password policy

Step 1: Connect to Microsoft 365 PowerShell

Log in to your Microsoft 365 tenant using the script below. This prompts for credentials to authenticate.

Connect-MsolService

Step 2: View the current password policy

Retrieve the existing settings using the script below. This displays the current policy for yourdomain.com.

Get-MsolPasswordPolicy -DomainName "yourdomain.com"

Step 3: Modify password expiration settings

Update expiration policy. The script below sets passwords to expire every 90 days and sends an expiration warning at 14 days before expiry.

Set-MsolPasswordPolicy -DomainName "yourdomain.com" -ValidityPeriod 90 -NotificationDays 14

Step 4: Enforce stronger password rules

Ensure users follow stronger passwords. The script below requires user@yourdomain.com to use a complex password.

Set-MsolUser -UserPrincipalName "user@yourdomain.com" -StrongPasswordRequired $true

FAQs

1. How can I check the current Office 365 password policy?

Check the current Office 365 password policy by running the script below.

Get-MsolPasswordPolicy -DomainName yourdomain.com

2. How do I set a new password expiration policy?

Set a new password expiration policy by running the script below. This sets passwords to expire in 60 days with a 10-day reminder.

Set-MsolPasswordPolicy -DomainName yourdomain.com -NotificationDays 10 -ValidityPeriod 60

3. Can I disable password expiration in Office 365?

Yes, you can disable password expiration using the script below.

Set-MsolUser -UserPrincipalName user@domain.com -PasswordNeverExpires $true

Effective password self-service for Office 365 user accounts.

Try it now for free

ADSelfService Plus trusted by

A single pane of glass for complete self service password management
Password Self-ServiceDirectory Self-ServiceOne IdentitySecurityRelated Products

A single pane of glass for complete self service password management

Free Trial Get Quote
Email Download Link