Manage Learn to apply best practices and optimize your operations.
This article is part of our Essential Guide: The essential Office 365 migration guide

How to change Office 365 user passwords via PowerShell

Sorry if you’re a bit weary of hearing reasons why PowerShell is so important. Here’s one more: you’ll need it for password management in Office 365.

Whether you’re managing Exchange Server or Windows Server, password management is an important task for any administrator....

The song remains the same for Office 365. Because Microsoft gives you better control of Office 365’s features and functions at the command line, you should know the commands you’ll need to change users’ passwords from there, as well as how to set them to never expire when the situation warrants it.

Carrying out administrative tasks using Office 365’s Web-based GUI is in many ways more difficult than managing them in Windows. In Windows, you’re responsible for a wide range of configuration tabs that house all the properties associated with each user. Dealing with them in Office 365 adds the extra overhead of the Web, plus you have to wait for Web pages to refresh.

Office 365’s administrative console is essentially a “skin” for PowerShell commands that perform the actual work. Any user management that can be performed via the GUI can also be done at the command line -- if you’ve got the right commands.

Two common activities associated with users are changing their passwords and, for the privileged few, setting passwords to never expire. By default, Office 365 requires user passwords to be changed every 90 days. In my experience, this can be a nuisance when excessive security isn’t of utmost importance.

Changing a user’s password requires knowing his UserPrincipalName, which maps to the primary login credential associated with said user. For most users, the UserPrincipalName looks like the following:

Armed with that info, you can use the following PowerShell command to change the user’s password:

Set-MsolUserPassword -UserPrincipalName -NewPassword "P@ssw0rd!"

In certain cases, you might not need to change a password to anything specific, but instead to a random value. Office 365 can supply that random password for you by eliminating the –NewPassword argument. The cmdlet looks like this:

Set-MsolUserPassword -UserPrincipalName

After running the above command, Office 365 will display the password it generates, which you can then share with your users.

With a tip of the hat to security best practices, there occasionally comes a time when a user’s account shouldn’t undergo a regular password change. Using Office 365’s PowerShell, you can set those passwords to never expire with the following command:

Get-MsolUser -UserPrincipalName | Set-MsolUser -PasswordNeverExpires $true

Note that the command actually sets the user’s PasswordNeverExpiresproperty to $true. If you want to verify whether a user’s password will expire or not, use the following command:

Get-MsolUser -UserPrincipalName |fl *

In the list that appears, look for the PasswordNeverExpires property. You’ll find it along with the surprisingly short list of other user properties that Office 365 tracks.

Greg Shields,
MVP, is a partner and principal technologist with Concentrated Technology. An IT industry analyst, author, speaker and trainer, you can find Greg at

This was last published in June 2012

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

So you can have passwords expire at the annoyingly short interval of 60 days, or you can have them never expire?

Is there any way to set a happy medium, or has Microsoft screwed us again with undocumented "features"?
you can have the passwords expire anywhere between 14 and 730 days. just go to the users page and click set password expiration policy
How about if I am doing a 200 user migration from pop and want to reset all their passwords to the same thing? The idea is, set them all to same password, set up their outlook, then change the password once they are set up. (nice article by the way)
...and get around the reset flag
Any way to set the password without displaying it in plain text?