We help IT Professionals succeed at work.

MS 365 Password Policy - Global Admin Accounts

93 Views
Last Modified: 2018-04-10
Can someone help me in regards to MS 365 Password Policy.

I know i can set a password policy on 365. Pretty simple to do, but would this also apply to the global admin/owner account also?

I would like everyone's password in the 365 domain to request change at a certain date. Doing research and testing on powershell, i can see that the global admin/owner account does not have a value when i process the Get-MSOLUser | Select UserPrincipalName, PasswordNeverExpire . It is blank.

I know i can set this manually by running a set script in Powershell but there must be a reason why MS decided not to include it. Quite silly to have it not changeable in my opinion...

your help is greatly appreciated.
Comment
Watch Question

Adam the 32-bit AardvarkSoftware Developer
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Thank you code!

I was thinking the same. Also, in regards to AD sync. I do not personally use it for 365, just for their mail etc but it could be a feature in the backend for MS? I'm just cautious of setting the value back to expire for a particular reason. Either way, I've submitted a response to MS and await their reply which i'll post back here.
Adam the 32-bit AardvarkSoftware Developer
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Thank you.

I think in my scenario...

There is a small company of 4 members of staff which has the most simplest of setup. The owner has bought 365 but doesn't do any of the admin side, I do for their mail. Although, i'm not an active support user for them, as i would like them to be as much independent to an extent but would like to protect their security also. So as their admin, i don't go on the console as often, thus possibly missing the password expiry. The only impact i could see with a global admin account expiring, would be that the owner would have to go through the password recovery setup, which is fine.
Adam the 32-bit AardvarkSoftware Developer
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Technology Solutions Professional
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
That makes sense if it is blank! Thank you everyone for your help. I just used set-mslouser to ensure that field was set to $false to expire.
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.