PowerShell cmdlet to apply Password to Never Expire policy in M365 tenancy to all users (including current and new users)

I have run the following cmdlet in PowerShell to disable the Password Expiration policy in my M365 tenancy for all users. However, the cmdlet is not applied to new users created. Can someone please explain how I can disable the policy for all current and new users?

Get-AzureADUser -All $true | Select-Object UserprincipalName,@{
    N="PasswordNeverExpires";E={$_.PasswordPolicies -contains "DisablePasswordExpiration"}
}

EDIT

I have unchecked the Set user passwords to expire after a number of days in the Password expiration policy page. I have run the following cmdlet to check this policy is turned off in PowerShell.

Get-MsolPasswordPolicy

I have run the following cmdlet to set a Password to Never Expire Policy for all users in the organisation. (Upon investigation, this policy only applies to current users, and will not apply to new users).

Get-AzureADUser -All $true | Set-AzureADUser -PasswordPolicies DisablePasswordExpiration

Next I have checked the Set Password to Never Expire policy has been implemented successfully:

Get-AzureADUser -All $true | Select-Object UserprincipalName,@{
    N="PasswordNeverExpires";E={$_.PasswordPolicies -contains "DisablePasswordExpiration"}
}

I then created a new user in M365 and ran the same cmdlet again. I can now see that the new user does not have the Password to Never Expire Policy applied.

Is there a cmdlet to create a Password to Never Expire for all users (current and new users)? I don't want to create separate policies for different users, I want to apply the same policy to all. Please advise.



Solution 1:[1]

If you want to remove password expiration for all users, you might consider changing password expiration policy for the entire organization.

To do so, uncheck Set user passwords to expire after a number of days in Password expiration policy page:

Changing password expiration policy

If you want to set password to never expire for a set of users, but not all, you'd have to schedule a script. The script should find new users and run the cmdlet you used against these new users.

In theory, you could also change password to never expire for all users. That'd require no changes to your script but might affect the performance. It's not recommended, but it might be suitable for smaller organizations.
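
Added example, not code from any of the answers: a sketch of the scheduled script Solution 1 describes, built on the AzureAD cmdlets from the question, that only touches accounts still missing the flag, keeps any other flag stored in PasswordPolicies, and supports a -WhatIf dry run. It assumes an existing Connect-AzureAD session; the function names Get-PasswordPolicyFlag and Set-PasswordNeverExpiresWhereMissing and the CSV path are hypothetical.

```powershell
# Added example, not from the original answers. Assumes the AzureAD module and
# an existing Connect-AzureAD session. Function names are hypothetical.

function Get-PasswordPolicyFlag {
    # PasswordPolicies is one string, e.g. "DisablePasswordExpiration, DisableStrongPassword".
    # Split it into flags; -contains on the raw string only matches an exact value.
    param([string]$PasswordPolicies)
    @("$PasswordPolicies" -split ',' | ForEach-Object { $_.Trim() } |
        Where-Object { $_ -and $_ -ne 'None' })
}

function Set-PasswordNeverExpiresWhereMissing {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    foreach ($user in (Get-AzureADUser -All $true)) {
        # @() keeps an empty result as an empty array rather than $null.
        $flags = @(Get-PasswordPolicyFlag $user.PasswordPolicies)
        if ($flags -contains 'DisablePasswordExpiration') { continue }  # already set

        # Keep flags that are already present instead of overwriting them.
        $newValue = ($flags + 'DisablePasswordExpiration') -join ', '

        if ($PSCmdlet.ShouldProcess($user.UserPrincipalName, "Set PasswordPolicies to '$newValue'")) {
            Set-AzureADUser -ObjectId $user.ObjectId -PasswordPolicies $newValue
            # Emit one record per change so the run leaves an audit trail.
            [pscustomobject]@{
                TimeUtc           = (Get-Date).ToUniversalTime().ToString('o')
                UserPrincipalName = $user.UserPrincipalName
                Previous          = $user.PasswordPolicies
                New               = $newValue
            }
        }
    }
}

# Dry run: lists the accounts that would change without modifying anything.
Set-PasswordNeverExpiresWhereMissing -WhatIf

# Real run (for example from a scheduled task), appending changes to a CSV log.
Set-PasswordNeverExpiresWhereMissing |
    Export-Csv -Path .\password-policy-changes.csv -Append -NoTypeInformation
```

Reviewing the CSV after each scheduled run shows which accounts were created since the previous run and had the flag applied.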

Solution 2:[2]

We have tested this in our local environment by creating a new user and using the cmdlets shared above; we are able to disable the Password Expiration policy for all the existing users and for the new users as well.

Get-AzureADUser -All $true | Select-Object UserprincipalName,@{
N="PasswordNeverExpires";E={$_.PasswordPolicies -contains "DisablePasswordExpiration"}}

Get-AzureADUser -All $true | Set-AzureADUser -PasswordPolicies DisablePasswordExpiration

Here is the sample output for reference:

  • The screenshot below shows the default PasswordNeverExpires for all the users.

  • We have created a new user; after running the above cmdlets we are able to change the PasswordNeverExpires value to True for all the users, as shown below.

Alternatively, you can use the MSOnline PowerShell module to set the PasswordNeverExpires value to True.

Here are the PowerShell cmdlets to change the value of PasswordNeverExpires to True for all the users.

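# Sign in to the tenant with the MSOnline module
Connect-MsolService
$userlist = Get-MsolUser -All | Select-Object -Property UserPrincipalName,PasswordNeverExpires
# Set PasswordNeverExpires on every existing user
foreach ($item in $userlist) {
    Set-MsolUser -UserPrincipalName $item.UserPrincipalName -PasswordNeverExpires $true
}
# List the users again to confirm the new value
Get-MsolUser -All | Select-Object -Property UserPrincipalName,PasswordNeverExpires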

Here is the sample output for reference:

If you still face the issue, we would suggest you open a support ticket using this link, where the technical support team would help you troubleshoot the issue from the platform end, or open a discussion over Microsoft Q&A.

Solution 3:[3]

The below will set the default password policy to never expire for all current and future users.

$AllDomains = Get-MsolDomain

ForEach ($domain in $AllDomains) {
    Set-MsolPasswordPolicy -ValidityPeriod "2147483647" -NotificationDays 0 -DomainName $domain.Name
}

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Robert Dyjas
Solution 2 VenkateshDodda-MSFT
Solution 3 Jeremy Caney