Set password expiration policies in Microsoft 365 - Tenant level
As an administrator of an organization, you are responsible for setting password policies for users in your organization.
Setting a password policy can be complicated and confusing! In this article, I provide some recommendations to better secure your organization against attacks where password plays a major role.
First of all, activate multi-factor Authentication
Activate a policy for passwords in Office 365
If you do not set a password policy, and have synchronized users from the local Active Directory then this policy is active.
Browse To: https://admin.microsoft.com/Adminportal
Select Settings -> Org Settings -> Password Expiration Policy -> Set user passwords to expire....
Select how many days before the password expires.
Also select how much time users should receive a notification to reset the password.
How to enable Multi-Factor Authentication (MFA) in Office 365
Reset or modify password in Office 365?
Users can report 'This wasn't me' on unwanted login attempt
enable Azure Active Directory Self-Service Password Reset (SSPR)
Block all outgoing email with policies