Apply a password expiration policy for 90 days for all users, except for few users which should never expire.
Login to the admin.microsoft.com portal.
- Goto settings
- Org settings
- Under Security and privacy tab
- Click on password expiration policy.
- Uncheck the box to enable passwords expire for all users.
- Input the days as required.
- Click save.
Open PowerShell as an elevated permission.
Connect with Microsoft Graph.
Connect-MgGraph -Scopes "User.ReadWrite.All", "Directory.ReadWrite.All"
Check the password policy for one user with the following command.
Get-MGuser -UserId imteyaz@4ydc0v.onmicrosoft.com -Property UserPrincipalName, PasswordPolicies | Select-Object UserPrincipalName,@{
N="PasswordNeverExpires";E={$_.PasswordPolicies -contains "DisablePasswordExpiration"}
}
Check the password policy for all user with the following command.
Get-MGuser -All -Property UserPrincipalName, PasswordPolicies | Select-Object UserprincipalName,@{
N="PasswordNeverExpires";E={$_.PasswordPolicies -contains "DisablePasswordExpiration"}
}
Update the password policy for few users with the following command.
$users = @("imteyaz@4ydc0v.onmicrosoft.com", "adeeba@4ydc0v.onmicrosoft.com", "nadim@4ydc0v.onmicrosoft.com", "maheen@4ydc0v.onmicrosoft.com") # Add the user UPNs here
foreach ($user in $users) {
Update-MgUser -UserId $user -PasswordPolicies DisablePasswordExpiration
}
Output:
Article: Set an individual user's password to never expire - Microsoft 365 admin | Microsoft Learn