How to Set an Individual User’s Password to Never Expire in Azure AD

This article explains how to set a password for an individual user to not expire. You have to complete these steps using PowerShell.

Prerequisites

PowerShell 7 and later is the recommended PowerShell version for use with the Microsoft Graph PowerShell SDK on all platforms. There are no additional prerequisites to use the SDK with PowerShell 7 or later.

The PowerShell script execution policy must be set to RemoteSigned, as shown below.

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

Install Microsoft Graph

The Microsoft Graph PowerShell SDK comes in 2 modules, Microsoft.Graph and Microsoft.Graph.Beta, that you will install separately. These modules call the Microsoft Graph v1.0 and Microsoft Graph beta endpoints, respectively. You can install the 2 modules on the same PowerShell version.

Using the Install-Module cmdlet is the preferred installation method for the Microsoft Graph PowerShell modules.

Installing the main modules of the SDK, Microsoft.Graph and Microsoft.Graph.Beta, will install all 38 sub modules for each module. Consider only installing the necessary modules, including Microsoft.Graph.Authentication which is installed by default when you opt to install the sub modules individually. For a list of available Microsoft Graph modules, use Find-Module Microsoft.Graph*. Only cmdlets for the installed modules will be available for use.

To install the v1 module of the SDK in PowerShell Core or Windows PowerShell, run the following command.

Install-Module Microsoft.Graph -Scope CurrentUser

Optionally, you can change the scope of the installation using the -Scope parameter. This requires admin permissions.

Install-Module Microsoft.Graph -Scope AllUsers

Verify installation

After the installation is completed, you can verify the installed version with the following command.

Get-InstalledModule Microsoft.Graph

The version in the output should match the latest version published on the PowerShell Gallery. Now you’re ready to use the SDK.

Updating the SDK

You can update the SDK and all of its dependencies using the following command.

Update-Module Microsoft.Graph

How to check the expiration policy for a password

Use the Connect-MgGraph command to sign in with the required scopes. You need to sign in with an admin account to consent to the required scopes.

Connect-MgGraph -Scopes "User.ReadWrite.All","Group.ReadWrite.All"

The command prompts you to go to a web page to sign in using a device code. Once you’ve done that, the command indicates success with a Welcome To Microsoft Graph! message. You only need to sign in once per session.

To see if a single user’s password is set to never expire, run the following cmdlet by using the UPN (for example, [email protected]) or the user ID of the user you want to check:

# PasswordPolicies is one string that can list several policies, so match on the policy name.
Get-MgUser -UserId <userid> -Property UserPrincipalName, PasswordPolicies | Select-Object UserPrincipalName,@{
N="PasswordNeverExpires";E={$_.PasswordPolicies -match "DisablePasswordExpiration"}
}

To see the Password never expires setting for all users, run the following cmdlet:

Get-MgUser -All -Property UserPrincipalName, PasswordPolicies | Select-Object UserPrincipalName,@{
N="PasswordNeverExpires";E={$_.PasswordPolicies -match "DisablePasswordExpiration"}
}

To export a CSV report of the PasswordNeverExpires setting for all users to the current user's desktop, under the name ReportPasswordNeverExpires.csv, run the following cmdlet:

Get-MgUser -All -Property UserPrincipalName, PasswordPolicies | Select-Object UserPrincipalName,@{
N="PasswordNeverExpires";E={$_.PasswordPolicies -match "DisablePasswordExpiration"}
} | ConvertTo-Csv -NoTypeInformation | Out-File $env:userprofile\Desktop\ReportPasswordNeverExpires.csv
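
An added example, not part of the original article: an audit function that reports which accounts are exempt from password expiration. PasswordPolicies is a single string that can carry several values at once (for example "DisablePasswordExpiration, DisableStrongPassword"), so the function splits it before testing. The function name, the sample users and the example.test domain are constructed for illustration.

```powershell
# Added example (not from the original article): audit password-expiration exemptions.
# With a live tenant, replace $sample with:
#   Get-MgUser -All -Property UserPrincipalName, AccountEnabled, PasswordPolicies
function Get-PasswordExpiryAudit {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$User
    )
    process {
        # PasswordPolicies may be $null, "None", one policy name, or a
        # comma-separated list; normalise it to an array of names.
        $policies = @("$($User.PasswordPolicies)" -split ',' |
            ForEach-Object { $_.Trim() } |
            Where-Object { $_ -and $_ -ne 'None' })

        [pscustomobject]@{
            UserPrincipalName    = $User.UserPrincipalName
            AccountEnabled       = [bool]$User.AccountEnabled
            PasswordNeverExpires = $policies -contains 'DisablePasswordExpiration'
            StrongPasswordOff    = $policies -contains 'DisableStrongPassword'
        }
    }
}

# Constructed sample data standing in for Get-MgUser output.
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'svc-backup@example.test';   AccountEnabled = $true;  PasswordPolicies = 'DisablePasswordExpiration' }
    [pscustomobject]@{ UserPrincipalName = 'legacy-app@example.test';   AccountEnabled = $true;  PasswordPolicies = 'DisablePasswordExpiration, DisableStrongPassword' }
    [pscustomobject]@{ UserPrincipalName = 'former-admin@example.test'; AccountEnabled = $false; PasswordPolicies = 'DisablePasswordExpiration' }
    [pscustomobject]@{ UserPrincipalName = 'alice@example.test';        AccountEnabled = $true;  PasswordPolicies = 'None' }
    [pscustomobject]@{ UserPrincipalName = 'bob@example.test';          AccountEnabled = $true;  PasswordPolicies = $null }
)

$audit = $sample | Get-PasswordExpiryAudit

# Enabled accounts whose passwords never expire are the ones to review first.
$audit | Where-Object { $_.PasswordNeverExpires -and $_.AccountEnabled } |
    Sort-Object UserPrincipalName |
    Format-Table -AutoSize
```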

Set a password to never expire

Run one of the following commands:

  • To set the password of one user so that the password never expires, run the following cmdlet by using the UPN or the user ID of the user:

Update-MgUser -UserId <userid> -PasswordPolicies DisablePasswordExpiration

  • To set the passwords of all users in the organization so that they never expire, use the following cmdlet:

Get-MGuser -All | Update-MgUser -PasswordPolicies DisablePasswordExpiration

Ref: https://learn.microsoft.com/en-us/microsoft-365/admin/add-users/set-password-to-never-expire?view=o365-worldwide