Password Policy RRS feed

  • General discussion

  • Microsoft has changed thier password expiration policy so that you must have at least 500+ mailboxes in order for them to go in and set the password expiration policy to never expire, But if you dont have at least 500 mailboxes they wont do this for you. This is rediculos so what they are saying is that if you dont spend a certain amout of money with them they dont want to do this for you. It doesnt matter how many users you have from a technical stand point. From there end it takes the same amount of work. What a pain in the you know what!!!!!!!!!!!

    Wednesday, January 5, 2011 7:17 PM

All replies

  • The reason behind this is the huge amounts of requests that they have to handle. They get alot of single user requests. I beleive the rule should be that only the entire OU should be allowed to request this and only once, instead of the 500+ seat rule.

    Dont mark my words on this but I beleive that Office365 will give the ablity to Admins to set this policy on thier own.



    Microsoft BPOS-S Support Engineer
    Wednesday, January 5, 2011 7:33 PM
  • Thank you very much Brody.

    To confirm, the new requirement is two-fold.  1.  From what Brody has indicated, the Hosting teams have become swamped with requests for single-user password disabling (which has to be redone if the password is ever changed/reset) and 2.  Nowhere in our documentation have we ever indicated this is a supported option.  We have been performing this as an accepted exception, but the management in charge of allocating the resources to perform this task needed to limit the requests so they can have their resources assigned to other tasks.

    Edit: to cover the 500-seat requirement: this was the limit set to minimize the requests for this feature.

    As for Office 365, Brody is correct that you are able to set your own password policies (as long as they are stricter than what we have) as well as disabling password expiration.

    If it wasn't difficult, it wouldn't be fun, but why's it got to be this much fun.
    Wednesday, January 5, 2011 8:43 PM
  • I agree that this is going to create some problems.  Password issues are probably one of the top BPOS issues, and many organizations find it easier to just disabled password expiration all together than deal with their helpdesk getting overwhelmed with password resets every 90 days.

    If it's any consolation we have several free utilities on our website which might help.

    Password Sync - When a user changes their password in AD, it syncs to BPOS

    User Portal - Allows end users to reset their own BPOS password if they forget it

    MSO Manager - Allows the helpdesk to reset user BPOS passwords directly through Active Directory Users and Computers

    Password Expiration Notification Script - Notifies users via email when their BPOS password is about to expire

    All of these solutions can be found at


    Chad Mosman, MessageOps |
    Wednesday, January 5, 2011 9:58 PM
  • Daniel,

    Can you confirm that password expiration can be disabled in Office 365?!

    I have some SME clients who really hate the current 90-day policy, most of them are willing to migrate away from Microsoft Online because of only this issue.
    It also costs a lot of time, since I have to reset passwords way too often.

    I asked the MSOnline webcare team and they said Password Policy can be disabled, but tech support refuses to do that... ("I'm sorry, we don't offer this option anymore"...

    If it can be done in Office 365 that would be really nice!

    Thursday, January 6, 2011 2:06 PM
  • DBrody, 

    I see a few threads concerning password expiration overrides and they conflict.  Your post supports "no overrides for under 500 users".  Is this the official Microsft stance at this time, with no exceptions?  I can't seem to get an answer through Partner forums and a declaration from you would help me answer this question for a customer.  


    Kyle Cole 

    Friday, January 7, 2011 4:03 PM
  • @KyleCole,

    At this moment it is not possible to disable password expiration at all.

    I opened a ticket and technical support told me multiple times they won't offer that option anymore...
    It's disappointing since I loose customers who choose Google Apps over Microsoft Online just because of the password issue.

    It seems to be fixed in Office 365 (it looks like you can disable password expiration with PowerShell on an user basis), but since we don't know the launch date of Office 365, it can take the whole year!

    Tuesday, January 11, 2011 1:40 PM
  • When did they make this policy change?  I remember when I put in a support request in June of 2010 that it took them about 2 days for them to turn it off for our whole company (about 6 users) and none of our passwords expire now.

    I don't understand why MS doesn't let the admins control most of it.  I think with move to Office 365 sometime, we will have more control.

    ------------------- Reitzel Technology
    Wednesday, January 12, 2011 3:48 AM
  • That is bad not to have provided full access to define those types of settings.  And to refuse to do it on behalf of a customer if their payments don’t meet or exceed a threshold is horrifying.  To go against customer wants is short sighted.  Microsoft financials relay that cloud products in this family lose (at least) half a Billion Dollars every quarter.  Hmmm….  I wonder why?  Keep metaphorically spitting in your customers coffee and don’t be surprised when customers avoid your offering like the plague. 

    Microsoft has a bad habit of losing sight of the power position.  The person that pays out the money for a good or service is the employer.  The person that receives money in exchange for time, services or goods is he employee.  I gave you money for a service; I am in charge, I get accommodated.  This idea that everyone should be so desperate to have your product that they would camp out for a week on the street is not reality.  That mentality is sick and has no semblance to how things actually work outside of when a consumer is getting a product for free or at a gross discount. 

    It was my understanding that the idea of this product was to be a viable cloud alternative to an onsite Exchange Environment.  If that is to be the case; give admins the control to administer their environment as they see fit in the same manners as they could with the traditionally implementation of the Exchange product.


    Sunday, January 23, 2011 8:34 AM
  • Mickeysoft introduced new policy on January 3rd :(

    For me it's also a huge issue on sites where many users have BIS Blackberry plans - as they need to change their MSOS password, their Blackberry accounts need revalidation too. Thankfully, guys from MessageOps really make our lives a bit easier with their emencfully useful scripts...

    Monday, January 24, 2011 1:06 PM
  • What else to say, when number of companies offers Hosted Exchnage on Exchnage 2010 and Sharepoint 2007 whilst MS still only has Exchnage 2007 and sharepoint 2003 on the cloud.... Now, the sole advantage of having Exchnage on BPOS for me is the mailbox size and Forefront that is integrated, everything else needs a lot of improvement.
    Monday, January 24, 2011 1:09 PM
  • Ya , before that they also said just open ticket then can set account to never expire .. now they changed the policy without inform us and users have to change password . The solutions they gave is ask administrator to reset the password for them using powershell ... but the tricks is the administrator will know all their password. A bit not practical .

    For those interesed to this option you can do so :

    1)Download the powershell console from migration tab

    2)issue command : set-msonlineuserpassword -identity -Password P@55w0rd -changepasswordonnextlogon $false

    They claims it able to set back previous password but u need do your own scripts to run every three months.





    Tuesday, January 25, 2011 2:13 AM
  • Posting on a bunch of old entries so it's easier for people to find...

    This is necessary ANY TIME YOU CREATE A NEW USER.  I've also read that resetting a single password in the Domain will remove the setting and passwords will begin expiring in 90 days again.

    I haven't verified (yet) that the Microsoft Online Services Sign-In Assistant is necessary, but you will have to install the Microsoft Online Services Module for Windows PowerShell.  Links can be found here:

    Through trial and error, the least painful way to accomplish this is to PASTE the following into PowerShell:

    import-module MSOnline
    Get-MSOLUser | Set-MsolUser -PasswordNeverExpires $true

    At the second line, you will be prompted to log in, use an account that has Admin rights for the domain.


    This is currently effective for Office365 Exchange Online as of 9/18/2012.  I added this because they seem to keep changing things on me.

    Tuesday, September 18, 2012 8:32 PM