We have a password policy that forces a password change every 90 days.
When users change their password, their mobile phone keeps syncing untill it loses session (can be up to 3 days).
After it loses session, the password is compared and the mobile phone reports a credential error every time it syncs (push). After 3 of these errors, the account locks out and the users calls about not getting into Windows anymore.
What is best practise in a case like this? I don't want to turn off the password policy.