N00b2015
asked on
MS 365 Password Policy - Global Admin Accounts
Can someone help me in regards to MS 365 Password Policy.
I know i can set a password policy on 365. Pretty simple to do, but would this also apply to the global admin/owner account also?
I would like everyone's password in the 365 domain to request change at a certain date. Doing research and testing on powershell, i can see that the global admin/owner account does not have a value when i process the Get-MSOLUser | Select UserPrincipalName, PasswordNeverExpire . It is blank.
I know i can set this manually by running a set script in Powershell but there must be a reason why MS decided not to include it. Quite silly to have it not changeable in my opinion...
your help is greatly appreciated.
I know i can set a password policy on 365. Pretty simple to do, but would this also apply to the global admin/owner account also?
I would like everyone's password in the 365 domain to request change at a certain date. Doing research and testing on powershell, i can see that the global admin/owner account does not have a value when i process the Get-MSOLUser | Select UserPrincipalName, PasswordNeverExpire . It is blank.
I know i can set this manually by running a set script in Powershell but there must be a reason why MS decided not to include it. Quite silly to have it not changeable in my opinion...
your help is greatly appreciated.
Last Comment
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Thank you.
I think in my scenario...
There is a small company of 4 members of staff which has the most simplest of setup. The owner has bought 365 but doesn't do any of the admin side, I do for their mail. Although, i'm not an active support user for them, as i would like them to be as much independent to an extent but would like to protect their security also. So as their admin, i don't go on the console as often, thus possibly missing the password expiry. The only impact i could see with a global admin account expiring, would be that the owner would have to go through the password recovery setup, which is fine.
I think in my scenario...
There is a small company of 4 members of staff which has the most simplest of setup. The owner has bought 365 but doesn't do any of the admin side, I do for their mail. Although, i'm not an active support user for them, as i would like them to be as much independent to an extent but would like to protect their security also. So as their admin, i don't go on the console as often, thus possibly missing the password expiry. The only impact i could see with a global admin account expiring, would be that the owner would have to go through the password recovery setup, which is fine.
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
That makes sense if it is blank! Thank you everyone for your help. I just used set-mslouser to ensure that field was set to $false to expire.
Microsoft Office
Microsoft Office is an integrated suite of applications that includes Outlook, Word, Excel, Access, PowerPoint, Visio and InfoPath, along with a number of tools to assist in making the individual components work together. Coding within and between the projects is done in Visual Basic for Applications, known as VBA.
80K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
ASKER
I was thinking the same. Also, in regards to AD sync. I do not personally use it for 365, just for their mail etc but it could be a feature in the backend for MS? I'm just cautious of setting the value back to expire for a particular reason. Either way, I've submitted a response to MS and await their reply which i'll post back here.