Having password policies in a company is good! Very good! And important!
Using on-premises active directory and GPO’s makes it very easy to handle password policies. If we have an Office 365 environment managed by Microsoft onboard tools such as ADFS and AAC we also don’t have to think to far how to handle password policies.
However, what about some cloud only service accounts or cloud only Admin accounts? There are always accounts in the cloud, which are “out of the policy”. Using on-premises active directory, we simply can set the password to “never expire”. In the cloud we do not have this option.
Of course, there are ways how to customize password expiration in Office 365. This can help you to create cloud only password policies. Let’s first start with these settings in this article. After that, I will show you how to set accounts, so that the password will not expire.
If we login to our Office 365 portal, we navigate to Settings > Security & Privacy.
Now, you simply can choose the option Password policy:
And here we have options to set our password policy.
As you can see, we have the option to set the expiration date, the user notification counter and never expire option.
Be aware of this never expire option. If you enable this setting, it will be for all user accounts you have in the cloud!
What we want to do is, to make this never expire setting just for an Admin or service account.
To do that we need to use the remote PowerShell.
How to connect to your Office 365 Tenant by PowerShell you can see HERE.
After successful login, we can run the following command:
Set-MsolUser -UserPrincipalName ServiceAccount@Contoso.onmicrosoft.com -PasswordNeverExpires $true
I hope, this article helps you to optimize your cloud settings in Office 365 and your environment.