Password expiry

This question has suggested answer(s) This question has suggested answer(s)

Is there any way to disable password expiration for Small Business accounts?  Strong passwords are one thing but when several users expire without notice and are running Lync, various handheld devices and versions of Outlook, it can get very tedious to support.  Is Powershell the only way to do this, and if so, do Small Business accounts have access to this?  Failing that, is there a way to change ones password from one place (rather than having to update Blackberries, Outlook, etc)??


Many thanks,




2 out of 2 people found this post helpful.

All Replies
  • Hi Deryl,

    Yes, you can disable password expiration with the following PowerShell cmdlet:
    Set-MsolUser -UserPrincipalName  <Microsoft Online Services ID> -PasswordNeverExpires $true

    In order to run this cmdlet, you'll need to download and install the Microsoft Online Services Module for PowerShell.  Technically, this module is meant for Enterprise plans, as it contains cmdlets to assist with setting up Identity Federation.  However, Small Business admins are still able to run this cmdlet.

    Otherwise, no, there is no way to change your password in one place and push that out to all your devices and clients.  Well actually, you are changing your password in one place (the server), but it's the password that each of your clients remember that you'd want to change.  Allowing a client to query the new password from the server would kind of invalidate the whole thing.

    Hope that helps,
    David Wong
    Office 365 Technical Support

    1 out of 1 people found this post helpful.

  • David,

    Can you clarify "technically, this module is meant for Enterprise plans...."?  Does this mean Microsoft may disable the Powershell Module for non-Enterprise plans?


  • Mostly I wanted to emphasize that not all of the cmdlets will work on the Small Business plan.  I can't really comment on its continued availability, but I can say that the cmdlets work at the time of this posting.

    David Wong
    Office 365 Technical Support

  • Thanks for your response.  Not sure it makes me feel super confident about selling this service to clients.  

    In all seriousness, can't Microsoft figure out a better solution for this problem?  It's a big one.  If a client establishes this service with all the defaults, it will break in 90 days unless users are logging into the portal where the password change notice is presented.  I know for sure my clients will largely use Outlook or mobile devices, not the portal.  Therefore, in 90 days an executive could be on a business trip and his/her email stops working with no prior warning.  Why is there no option in the UI to disable password expiration?  Couldn't we at least have the ability to auto send an email to each user notifying them of the pending password expiration with a link to the portal and instructions for resetting?  I envision a warning sent every day for 10 days leading up to the expiration date.  You could make the argument that people will learn the process the first time their email breaks without warning.....but we all know that's not what happens in the real world.

    How do I sell this service to a 40 person company with no IT staff?  Rhetorical question, I understand.  But, telling the in-house person who will be responsible for support that his/her phone may ring 40 times per quarter with irate employees who cant get into email is not appealing.  Trying to explain why a powershell command is needed to make the service less secure but usable is a bit better, but we cant guarantee how long that option will be available.  

    It's ironic that this product is supposed to reduce the need for expensive IT consultants.  But with this scenario alone, it may be less expensive to hire the expensive consultants and put the Exchange box on site.  It certainly may offer more job security for the decision maker whose job could be on the line when a company owner's email stops working for no reason in 90 days.

  • R, as you can see, MS is clueless about offering cloud offerings to small businesses.  Frankly it's rather scary/unbelievable that they can bring a service like this to market and not get that this type of thing is not remotely acceptable for small businesses.  What an utter nightmare.

  • BTW, guess who missed a super important email last night from my most important customer because unbeknownst to me, my smart phone was no longer receiving messages because the password had expired - even though I never selected a 90-day setting when i set up the account and had no idea such insanity was in place.  It wasn;t until I logged into my computer just now and was greeted with none of my services working that I figured it out!

  • BTW R, you can also look forward to getting confused calls even if they do change their password because the new password doesn't propagate across all of the services instantly.  At least that's what just happened to me, it took a good 30 minutes before the new password would work in Lync.  Before that it was repeatedly rejected, both the old one and the new one!

  • Good to know.  Out of curiosity, how many user have you migrated to 365?  In production or testing?   Are there any advantages in your opinion over configuring these services in house?

    It's interesting no one from Microsoft will respond to my rant.  But, when Mozilla snubbed the enterprise with their new Firefox rapid release schedule Microsoft was quick to pour gas on their fire with talk of IE's greatness.  This password issue is such a huge issue for justification for the design and no indication Microsoft cares.  The greatest business software company in the world can't add a check box for "Allow Passwords to Expire"  YES or NO.  Unreal!

  • David, I am new to powershell and am looking for a little guidance on the cmdlet entry sequence of:

    Set-MsolUser -UserPrincipalName  <Microsoft Online Services ID> -PasswordNeverExpires $true

    Could you please show me exactly the sequence I would type in for this cmdlet?

    Thank you


  • 1. Follow the requirements for the Microsoft Online Services Module

    The following are required in order to run the Microsoft Online Services Module:

    • Operating system: Use Windows 7 or Windows Server 2008 R2.
    • Microsoft .NET Framework: You must turn on the Microsoft .NET Framework 3.51 feature in Windows 7 or Windows Server 2008 R2.
    • Windows PowerShell 2.0 and AD FS 2.0: In order to run the cmdlets to set up single sign-on, you must turn on the Windows PowerShell 2.0 feature, and you must have administrator privileges on the AD FS 2.0 server. We recommend that you use remote access to the AD FS 2.0 server when you run the cmdlets; to do this you must use Windows PowerShell remoting. For information, see About_Remote_Requirements.
    • All Office 365 software updates: From the Office 365 downloads page, install the required updates. To access the Office 365 downloads page, sign in to the Office 365 portal, and, under Resources, click Downloads. These updates are required because the features in Office 365 will not work properly without the appropriate versions of operating systems, browsers, and software. For more information, see Set up your desktop for Office 365.

    2. Download the Microsoft Online Services Module

    The Microsoft Online Services Module for Windows PowerShell is a download that comes with Office 365. This tool installs a set of cmdlets to Windows PowerShell.

    After downloading and installing the tool, open the Services module you’ll see a black window.


    At the command prompt enter get-command to make sure the cmdlets are loaded.

    As long as there is a lot of text displayed, they are loaded.


    Type: Connect-Msolservice.

    This will display a credentials screen and connect you to the server.

    Enter your credentials as an administrator.

    You will get another C:\> command prompt.

    Single user’s password to never expire:

    Type this out exactly replacing the <username> with the username and domain you want to set the password to never expire:

    Set-MsolUser –UserPrincipalName <username> -PasswordNeverExpires $True

    Entire Organizational Unit:

    Get-MsolUser | Set-MsolUser –PasswordNeverExpires $True

    If everything is entered correctly you will receive another command prompt.


    If not you’ll get red text and you’ll have start over. Make sure if you copy and paste that there is no space after the text pasted.

    Joshua K. Borges

    BPOS-S | Office365 Frontline Support.

    There is no plans to restrict access to the tools that will work across subscription plans. This would prevent customers that have multiple tier subscriptions from accessing the required tools for the plan they need.

    2 out of 2 people found this post helpful.

  • There is no plans to restrict access to the tools that will work across subscription plans. This would prevent customers that have multiple tier subscriptions from accessing the required tools for the plan they need.

  • Oh the irony of having a cloud service where you have to download not just an application but a set of command line tools to the desktop just to alter a setting.

    We can't even change a simple setting using "the cloud". Most amusing! :)

    1 out of 1 people found this post helpful.

  • This seems a bit insane...  Add to the expiration mess the fact that if the users password expires on a weekend, and their phone keeps trying to login with the expired password... they don't even know the password has expired and they don't get their email.  4 users down this weekend while we tried to figure out what happened only to find out that the magic 90 days occurred Saturday.

    What's worse is that after so many attempts at trying the account with the wrong password they get a security check that must be answered to reenable the account.

  • Thanks for the instructions. I don't have a Windows 7 PC (or Vista). So how do I stop passwords expiring via a Windows XP PC please? (I wasn't expecting my operating system to be a significant issue because I thought this all ran in the cloud).

    It'll be great to stop the password problem because my users use Outlook-synchronised Sharepoint folders and my users are confused about how to get out of the login Window that arises in Outlook when their old passwords don't work. (Closing the login Window merely causes the window to redisplay, presumably once for each Sharepoint folder that they synchronise. Sometimes we see a password Update window but often it's just a Window saying that the credentials have failed and offereing a "Back" link which goes to the Site portal, as if the the user were on the web, whereas my users are in Outlook at this point so they get very confused).

    Thanks for any XP solution you might have.


    1 out of 1 people found this post helpful.

  • Kevin, I am thankful that you posted your question.

    It seems I did forget the XP users and for that I am sorry.

    Great news though below is a link to the Microsoft Update for Windows XP (KB968930) which contains The Windows Management Framework Core package providing updated management functionality for IT Professionals Using Windows XP.

    I hope this information finds you well.