Pricing  Get Quote
 
 

How to: Office 365 password policy management with PowerShell

The PowerShell scripts given below can be used for Office 365 password policy management. ADSelfService Plus, the Active Directory self-service password management and single sign-on solution, provides advanced password policy settings that could be applied for both on-premises and cloud applications including Office 365, G Suite, etc. By integrating Active Directory with Office 365, ADSelfService Plus helps IT admins apply one custom password policy for users Office 365 and Windows Azure AD cloud accounts.

The following is a comparison between password policy management in Office 365 with Windows PowerShell and ADSelfService Plus:

With PowerShell

  • Modify the password policy for Office 365 users
    Using PowerShell, only the maximum password age can be modified. Other password policy settings cannot be managed using PowerShell.
    Set-MsolPasswordPolicy -DomainName <Domain Name> –ValidityPeriod <Number Of Days>
  • Set the password to never expired for Office 365 users
    Set-msoluser –UserPrincipalName <UserPrincipalName> -PasswordNeverExpires $True

With ADSelfService Plus

  • Configure a custom password policy for Office 365 accounts via the Password Policy Enforcer
    • Go to ADSelfService Plus admin portal.
    • Navigate to Configuration > Self-Service > Password Policy Enforcer.
    • Enable Enforce Custom Password Policy.
      how-to-change-office-365-password-policy-using-powershell-1
    • Configure the required advanced password policy settings.
    • Click Save.
  • Configure password expiration alerts via SMS, email, and push notifications
    • Go to Configuration > Password Expiration Notifier.
      how-to-change-office-365-password-policy-using-powershell-2
    • Enter the Scheduler Name and select the Notification Type.
    • Select the domains, OUs, or groups for which you want to send alerts.
    • From the Notify via drop-down, select the medium (SMS and/or email) through which you want to send notifications.
    • Set the Schedule Time and configure the Notification Frequency as:
      • Daily
      • Weekly
      • Weekly
    • Click Save.

What are the limitations of managing password policies in Office 365 via PowerShell?

  • The Office 365 administrator cannot configure password policy parameters like enforcing password history, minimum password length, or ensuring password complexity.
  • No support for self-service password reset portal without Azure AD premium subscription.
  • No support to remind Office 365 users via email and SMS before their password expires.
Benefits of ADSelfService Plus
  • Password self-service:

    Allows users to perform self-service password reset on their Active Directory and Office 365 accounts.

  • Improves IT security:

    Provides advanced multi-factor authentication including biometrics and QR-code authentication self-service password reset.

  • Universal enforcement

    Admins can enforce custom password management capabilities for users' Office 365 accounts.

  • Improves the user experience

    Allows users to reset Office 365 passwords from a secure web-portal, from anywhere, at any time.

Effective password self-service for Office 365 user accounts.

  Get 30-day free trial.

Related Resources

ADSelfService Plus trusted by

A single pane of glass for complete self service password management
Email Download Link