This content is part of the Essential Guide: The essential Office 365 migration guide

How to change an Office 365 password policy using PowerShell

Though not obvious, you must use PowerShell to change an Office 365 password policy. Learn about the required connections steps and cmdlets you will need.

I recently noticed that my Windows phone stopped receiving email from my Office 365 account. After a few troubleshooting...

attempts, I discovered that my Office 365 password had expired, and because I was on my smart phone, I never received an expiration warning. Resetting my password was easy enough, but I also wanted to change my password policy; this job required PowerShell.

Getting started with PowerShell in Office 365

Microsoft Office 365's administrative console is really just a Web front-end that executes PowerShell commands behind the scenes. That said, it's not obvious that Office 365 management can be accomplished via PowerShell.

If you're familiar with the Office 365 interface, you know that there is no clickable icon that brings you to the Exchange Management Shell. To use PowerShell, you must jump through a few hoops.

To begin, download and install the Microsoft Online Services Module. The Microsoft Online Services module extends PowerShell with a few Office 365 cmdlets.

Before setting your Office 365 password policy, you must set PowerShell to allow scripts to run. Also, I advise setting the execution policy to RemoteSigned. To do so enter the following command:

Set-ExecutionPolicy RemoteSigned

Because there's a lot of typing involved in establishing PowerShell connectivity to Office 365, I suggest building a PowerShell script and naming it O365.ps1. The text file should look something like the following:

 Set-ExecutionPolicy RemoteSigned Import-Module MSOnline $Cred = Get-Credential $MySession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $Cred -Authentication Basic -AllowRedirection Import-PSSession $MySession 

To run the script, open PowerShell and enter ./ plus the filename (./o365.ps1). Windows will prompt you for your Office 365 credentials (Figure 1).

Enter Office 365 administrative credentials.

Figure 1. Enter your Office 365 administrative credentials.

Enter your administrative credentials and you'll see a message telling you your connection has been redirected (Figure 2).

The Office 365 connection has been redirected.

Figure 2. Your connection has been redirected.

Microsoft does place some restrictions on Office 365, but for the most part, you can fully manage your Exchange environment from PowerShell. To begin managing the online environment, enter the Connect-MsolService cmdlet.

Note: You may be prompted to enter your administrative credentials once again. You have the option to embed the Connect-MsolService cmdlet into the script you created earlier if you like.

Working with Office 365 user accounts

In a normal PowerShell environment, you can use the Get-User cmdlet to retrieve information about Active Directory users. In an Office 365 environment, you have to use a slightly different command because you're retrieving user information from a remote Active Directory forest. To retrieve a list of the Office 365 users, use the Get-MsolUser cmdlet.

One of the pieces of information this cmdlet returns is the User Principal Name (UPN). You can use this name to retrieve more detailed information about an individual account. To do so, enter the following command:

Get-MsolUser –UserPrincipalName <username>

Now we can check whether or not each user’s Office 365 password expires. To do so, enter the following command:

Get-MsolUser | ft DisplayName, PasswordNeverExpires

When you execute this command, PowerShell will display each user’s name alongside a PasswordNeverExpires column. This column contains a value of True or False. The True value denotes that the Office 365 password does not expire. A False value denotes that the password will eventually expire.

For example, if you want to change your Office 365 password policy to make sure passwords never expire, you must change the PasswordNeverExpires value. If you want to change this value for a single user, use the following command:

Get-MsolUser –UserPrincipalName <username> | Set-MsolUser –PasswordNeverExpires <$True | $False>

If you want to change the PasswordNeverExpires value for all Office 365 users, use the same basic command, but omit the reference to the UPN. The resulting command looks like the following:

Get-MsolUser | Set-MsolUser –PasswordNeverExpires <$True | $False>

This same basic technique can be used to modify any of the online user’s attributes.

Remember that this is only one example of how you can use PowerShell with Office 365. You can also use PowerShell to assign storage quotas, manage retention policies and much more.

About the author: 
Brien Posey is an eight-time Microsoft MVP with two decades of IT experience. Before becoming a freelance technical writer, Posey worked as chief information officer at a national chain of hospitals and health care facilities. He has also served as a network administrator for some of the nation's largest insurance companies and for the Department of Defense at Fort Knox.

Dig Deeper on Exchange Server setup and troubleshooting