Pricing  Get Quote
 
 

Set an individual user's password to never expire in Azure Active Directory

Microsoft 365 offers admins the option of setting the Azure AD password to never expire. Password expiration used to be considered crucial to an organization's security, but NIST's latest guidelines state that setting passwords to never expire increases security.

Organizational policies might consequently need to change such that their passwords, be it on-premises AD or Azure AD, are set to never expire as part of their domain password policy.

This cannot be done via the Azure AD admin portal. You will have to use the Microsoft 365 admin center or PowerShell to set Azure AD users' passwords to never expire. You will also need to use an Azure AD global administrator account to achieve this. In this document we'll be seeing how to set an individual user's password as well as the entire domain's user passwords to never expire.

Important: You need Global Admin or Password Administrator privileges on Azure AD to perform this action.

Steps to set an individual user's password to never expire in Azure AD:

  • Open Windows PowerShell with administrative privileges.
  • Run the following cmdlet:

    Update-MgUser -UserId <user ID> -PasswordPolicies DisablePasswordExpiration

  • Mention the individual user's username or UPN number in place of <user ID> in the above cmdlet.

Steps to set the entire domain's user passwords to never expire in Azure AD:

  • In the Microsoft 365 admin center, go to the SettingsOrg Settings.
  • Go to the Security & privacy page. (If you aren't an Azure AD global admin, you won't see the Security & privacy option.)
  • Select Password expiration policy.
  • Uncheck the box next to Set user passwords to expire after a number of days.
  • Now, your domain users' passwords will not expire.

NIST also recommends that organizations use lengthy passwords from eight to 64 characters long. Organizational policies will determine the password complexity. Passphrases are also recommended, as not only are they difficult to crack but also easier to remember.

An easier way to apply complex password policies across an organization is using ManageEngine ADSelfService Plus, an identity security solution with MFA, self-service password management, and SSO capabilities. Its Password Synchronization feature allows users to change their Microsoft 365 password and synchronize it with all connected accounts, including AD, Salesforce, and Zendesk.

ADSelfService Plus' Password Policy Enforcer allows organizations to set advanced password policies that are more secure than the default AD domain and fine-grained password policies. This feature enables a high degree of password complexity or complex passphrases, ensuring peace of mind even when passwords are set to never expire in Azure AD and other SSO Enterprise applications.

If organizational policies determine that password expiry must be retained, ADSelfService Plus' Password Expiration Notifier tool helps IT admins notify users about their expiring AD domain passwords.

IT admins receive the flexibility to choose email, SMS, or push notifications, and can set the notification frequency according to their organization's requirements.

Notify users of impending password expiration and ensure uninterrupted access.

  Download a free trial now!  Request demo

Request for Support

Need further assistance? Fill this form, and we'll contact you rightaway.

  • Name
  •  
  • Business Email *
  •  
  • Phone *
  •  
  • Problem Description *
  •  
  • Country
  •  
  • By clicking 'Submit' you agree to processing of personal data according to the Privacy Policy.
Highlights

Password self-service

Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console. 

One identity with Single sign-on

Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus! 

Password/Account Expiry Notification

Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.

Password Synchronizer

Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more. 

Password Policy Enforcer

Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.

Directory Self-UpdateCorporate Search

Portal that lets Active Directory users update their latest information and a quick search facility to scout for information about peers by using search keys, like contact number, of the personality being searched.

ADSelfService Plus trusted by

Embark on a journey towards identity security and Zero Trust