User's able to log in after password expiration.

Peter Sill 20 Reputation points
2025-01-27T21:08:19.8633333+00:00

Hello,

My organization has our password policy set to 90-day expiration; however, users are not being forced to sign in and re-authenticate after 90 days. Is there any way to block user access until they update the password?

I'm currently exploring Conditional Access but I'm not having any luck down that avenue.

I understand this is not the best practice. I understand that the recommendation now is for length over complexity. I understand the security implications and everything. The issue is I am the low man on the totem pole and my boss wants this done so I need solutions, even if the answer is it cannot be done, not new best practices. Thank you.

Microsoft 365
Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
5,701 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,541 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
23,175 questions
0 comments No comments
{count} votes

Accepted answer
  1. Marcin Policht 35,210 Reputation points MVP
    2025-01-27T21:23:37.36+00:00

    AFAIK, you'd need to implement https://learn.microsoft.com/en-us/entra/identity/conditional-access/howto-conditional-access-session-lifetime to accomplish this


    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.