Share via

Disable Password Expiration on Specific Accounts

Sig 41 Reputation points
2022-02-23T14:09:26.967+00:00

Hi community members!

We currently run on an Azure AD Free plan and we have just activated MFA for some users.
For the same users, I'd like to remove the expiration limit on their password (we currently have a 365 days expiration period defined as a global setting).

After some googling, it seems to be the only possible way to achieve so is via PowerShell (Set-AzureADUser -ObjectId <user ID> -PasswordPolicies DisablePasswordExpiration) since such a feature is not available via the GUI. Am I right?

Since I'm on a Mac, the easiest way seems to use the Azure Cloud Shell, but, when I try I get a "No valid subscriptions found - You need an Azure subscription to use Azure Cloud Shell." error. Therefore, I assume with our current Free plan I can't access such a feature and remove the password expiration limit on specific users. Correct?

Which subscription should I have to be able to access the Azure cloud Shell and set specific password expiration limits?

Thanks,

Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments
Accepted answer
  1. Siva-kumar-selvaraj 15,721 Reputation points
    2022-02-23T20:21:23.08+00:00

    Hello @Sig ,

    Thanks for reaching out.

    You must have a valid Azure subscription in order to use Azure cloud Shell (PowerShell/Bash CLI) and here are cloud shell pricing details for your reference.

    Alternatively, you could either use Microsoft Graph explorer in any browser or Microsoft Graph PowerShell module which works with PowerShell 7 and later and on all platforms including Windows, macOS, and Linux. It's also compatible with Windows PowerShell 5.1 as detailed below to disable Password Expiration on Specific Accounts. Hope this helps.

    Microsoft Graph PowerShell module:
    --
    Install Core PowerShell on Mac
    Install Graph Module
    Authenticate to MS Graph using Connect-MgGraph -Scopes User.ReadWrite.All
    Update Password policy by using Update-MgUser -UserId {userobjectid} -PasswordPolicies DisablePasswordExpiration

    177308-image.png

    Microsoft Graph explorer:
    --
    Login with your work account to http://aka.ms/ge with privileged user/global admin account and use beta version to make a patch HTTP call to https://graph.microsoft.com/v1.0/users/{UPN/ObjectID} endpoint along with following value in BODY {"passwordPolicies": "DisablePasswordExpiration"} section as shown in below example:

    177307-image.png

    -----
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    2 people found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.