, , , ,

My thanks to Stoch Tech Group’s blog for this most useful set of Powershell commands, to set the password no-expiration policy for a domain with Office 365, reprinted here for the sake of my own documentation.


  • First you need a system with Microsoft Powershell installed. You can download this and find installation instructions for Powershell here.
  • Then you need to have the Microsoft Online Services Module installed which you can download here.
  • Now you will need to run the following commands in order.
  • $LiveCred = Get-Credential – You should then be prompted for your Office 365 admin credentials.
  • $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection – You should see a few messages about redirection and then be returned to the prompt.
  • Import-PSSession $Session – You will again see a few messages on screen and should then be returned to the prompt. At this point we are connected and ready to work.
  • Connect-MSOLService – Connect to the MSOL Service
  • Get-MSOLUser – This will provide a list of the users and their User Principal Name which we will need for the next step.
  • Set-MSOLUser -UserPrincipalName user@domain.com -PasswordNeverExpires $true -StrongPasswordRequired $true – This will change a single user account’s password to never expire. If you want to change all user accounts use the next command.
  • Get-MSOLUser | Set-MSOLUser -PasswordNeverExpires $true – This will set all accounts to have non expiring passwords.
  • Remove-PSSession $Session – Clean up and close our session when done.

Getting MS to allow a no-expiration policy for my small business customers was the holy grail of my first 12 months for customers we moved to on Online Services > Office 365.

Being a fairly small IT shop, but with several business customers and lots of users on Office 365, each time a user would not renew their password in time (why do they ignore warning messages?), we were required to drop everything to go and reset.   We literally moved 5 or more business back off MS’ service purely due to the management overheads it caused.    Allowing a no-expiration policy was the most sensible thing MS did for Office 365 small business customers.


Going back to my own exchange with 365 support, this was their instruction set at the time, which worked for me:

Issue Description: Password policy needs amending to NO EXPIRATION

Use this link to connect to PowerShell Microsoft Online Services Module for Windows PowerShell

Do this

Click Start > All Programs Microsoft Online Services (Folder) and select Microsoft Online Services Module for Windows PowerShell

  • Run the command below:



  • Type the administrator credential.

Run this command to connect to Office 365:

Connect-MsolService -Credential $cred

For this way you won’t need the connection to exchange online using the long link


Set password never expire for all user

Get-MSOLUser | set-msoluser -PasswordNeverExpires $true

You don’t have to change nothing with this command

For everybody in the organization

After that

Check what users have the password never expire

Get-MSOLUser | select user*, password*

This command will show if all user has activated as “true”
Running all of this should then allow you to get the following output:

PS C:\Windows\system32> $cred=Get-Credential

cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
PS C:\Windows\system32> Connect-MsolService -Credential $cred
PS C:\Windows\system32> Get-MSOLUser | set-msoluser -PasswordNeverExpires $true
PS C:\Windows\system32> Get-MSOLUser | select user*, password*

UserPrincipalName                                          PasswordNeverExpires
—————–                                          ——————–
customer@domain.com                                      True
admin@domain.com                                    True
customer@domain.com                                          True
customer@domain.com                                                   True
customer@domain.com                                                  True
customer@domain.com                                                  True
customer@domain.com                                                     True
customer@domain.com                                                     True
PS C:\Windows\system32>