Set password expiration policies in Microsoft 365
As an administrator of an organization, you are responsible for setting password policies for users in your organization.
Setting a password policy can be complicated and confusing! In this article, I provide some recommendations to better secure your organization against attacks where password plays a major role.
First of all, activate multi-factor Authentication
Regardless, you have a good policy of changing the password every 30, 90 or 180 days. Still, it is better to activate MFA. You can read all about it in this blog!
Activate a policy for passwords in Office 365
If you do not set a password policy, and have synchronized users from the local Active Directory then this policy is active.
Browse To: https://admin.microsoft.com/Adminportal
Select Settings -> Org Settings -> Password Expiration Policy -> Set user passwords to expire....
Select how many days before the password expires.
Also select how much time users should receive a notification to reset the password.
Also read!
How to Enable Multi-Factor Authentication (MFA) in Office 365
Reset or modify password in Office 365?
Users can report 'This wasn't me' on unwanted login attempt
Enable Azure Active Directory Self-Service Password Reset (SSPR)
Block all outgoing email with policies