Office 365 Password Never Expires

By | 7th July 2015

Having moved the entire office over to Office 365 and Exchange Online everything is well in email land, or so I thought. I’ve now had a few people asking what the message about their password expiring means.

Nice easy one this, I just needed to turn off Password Expiration for each user. However, with the move to more and more being done with PowerShell, this option isn’t available in the Exchange Online interface. Luckily it seems many other people had this problem, so using information gleaned from around the ‘net this is how I did it – as of 7th July 2015.

First you need to install two pieces of software from Microsoft to enable you to connect to Exchange Online with PowerShell.

The first is the Microsoft Online Services Sign-In Assistant for IT Professionals – make sure you download the 64-bit version as the next bit of software you need is only available as 64-bit.

This seems to be a beta version, but was the only version that let me install the next bit of software – the Azure Active Directory Module for Windows PowerShell (previously called the Online Services Module)

Once these two bits of software are installed you can now use PowerShell to make your changes. First connect to Exchange Online, or more generally Microsoft Online.

import-module MSOnline

The second command will prompt you for your Microsoft Online Admin login.

You can now list the Password Expiry settings for each user.

Get-MSOLUser | Select UserPrincipalName, PasswordNeverExpires

Or for an individual user – obviously replacing with a valid user.

Get-MSOLUser -UserPrincipalName | Select PasswordNeverExpires

To set all user’s password to never expire.

Get-MSOLUser | Set-MSOLUser -PasswordNeverExpires $true

Or for an individual.

Set-MSOLUser -UserPrincipalName -PasswordNeverExpires $true

Obviously if you want to turn password expiry back on change the $true to $false.


Unfortunately on our Office 365 account we have some users without mailboxes that simply forward. Running the above command managed to break this by removing their external forwarding address.

To stop this happening you can filter the list to just those that are licensed which in my case are the ones with real mailboxes and logins. The command to do this is:

Get-MSOLUser | Where-Object { $_.isLicencsed -eq "TRUE" } | Set-MSOLUser -PasswordNeverExpires $true

You can also use this filter to make sure these are the right users:

Get-MSOLUser | Where-Object { $_.isLicensed -eq "TRUE" } | Select UserPrincipalName, PasswordNeverExpires

Leave a Reply

Your email address will not be published. Required fields are marked *