Set a user's password expiration policy

User passwords expire on a regular basis in Office 365. As an admin, you can make user's passwords expire after a certain number of days or set the password to never expire. You can also change the number of days before users are notified of password expiration.

This topic applies to Office 365 Enterprise, Office 365 Business Essentials or Office 365 Business Premium. If you're using Office 365 for Small Business, check out Manage passwords in Office 365 for Small Business for more information.

  1. Sign in to Office 365 with your work or school account.

  2. Go to the Office 365 admin center.

  3. In the Office 365 admin center, navigate to Settings > Security and privacy and click Edit.

    If you're still using the old Office 365 admin center, go to Service settings and then Passwords.

  4. If you don't want users to have to change passwords, select Passwords never expire. If you select this option, users won't get any reminders anymore to change their passwords.

  5. If you want user passwords to expire, type the number of days before the password should expire. Choose a number of days from 14 to 730.

  6. Type the number of days before users are notified that their password will expire, and then click Save. Choose a number of days from 1 to 30.

More about passwords and password expiration policies

  • How can I set the password to never expire for an individual user? Use the Microsoft Online Services Module for Windows PowerShell to set an individual user password to never expire. Check out Set user passwords to never expire.

  • How many days should I choose if I want user passwords to expire? Many organizations require new passwords every two or three months. Choose a number of days from 14 to 730.

  • How are users notified that their password will expire? Users see a message whenever they sign in, starting at the number of days before password expiration that you specified. The message shows the number of days left before the password expires and gives a link to the Change password page. For more information, see Change your password.

  • What if users don’t change their password in time? Users can still change their password after it has expired. The Update password page displays when they sign in, and they can enter a new password. You can also reset their password for them, if necessary. For more information, see Change your password or Reset a user's password.

  • What if I want to change password policy for accounts that are synchronized with Active Directory? Password policy can only be set using the steps in this article for accounts that aren’t synchronized through Active Directory synchronization. To learn more about Active Directory synchronization, check out Office 365 integration with on-premises environments..

Was this information helpful?

Great! Any other feedback?

How can we improve it?

Thank you for your feedback!