Set Password Expiration Policy in Microsoft 365 - Tenant level
As an administrator of an organisation, you are responsible for setting password policies for users in your organisation.
Setting up a password policy can be complicated and confusing! In this article, I give some recommendations to better secure your organisation against attacks where the password plays a major role.
First of all, activate multi-factor Authentication
Activate a policy for passwords in Office 365
If you do not set a password policy and have synchronised users from the local Active Directory then this policy is active.
Select Settings -> Org Settings -> Password Expiration Policy -> Set user passwords to expire...
Select how many days before the password expires.
Also select how much time users may receive a notification to reset the password.
How to activate Multi-Factor Authentication (MFA) in Office 365
Reset or change password in Office 365?
Users can report 'This was not me' at unwanted login attempt
Azure Active Directory Self-Service Password Reset (SSPR) enable
Block all outgoing email with policies