Set password expiration policies in Microsoft 365

As an administrator of an organization, you are responsible for setting password policies for users in your organization.

Setting a password policy can be complicated and confusing! In this article, I provide some recommendations to better secure your organization against attacks where password plays a major role.

First of all, activate multi-factor Authentication

Regardless, you have a good policy of changing the password every 30, 90 or 180 days. Still, it is better to activate MFA. You can read all about it in this blog!

Activate a policy for passwords in Office 365

If you do not set a password policy, and have synchronized users from the local Active Directory then this policy is active.

Browse To: https://admin.microsoft.com/Adminportal

Select Settings -> Org Settings -> Password Expiration Policy -> Set user passwords to expire....

Select how many days before the password expires.
Also select how much time users should receive a notification to reset the password.

Also read!

How to Enable Multi-Factor Authentication (MFA) in Office 365
Reset or modify password in Office 365?
Users can report 'This wasn't me' on unwanted login attempt
Enable Azure Active Directory Self-Service Password Reset (SSPR)
Block all outgoing email with policies