How to check the password expiration policy for users in AzureAD

What you will learn:This post will teach you how to check the password expiration policy for your users in AzureAD.

Step by step on how to check the password expiration policy:First of all, it is necessary to connect to Azure AD from PowerShell with the command below.

  1. Run PowerShell as administrator then Run the Connect-AzureAD cmdlet to connect an authenticated to Azure Active Directory.
  2. Enter your Azure administrator username
  3. Click next
  4. Enter your password Azure administrator password

This command connects the current PowerShell session to an Azure Active Directory tenant. The command prompts you for a username and password for the tenant you want to connect to. If multi-factor authentication is enabled for your credentials, you must log in using the interactive option or use service principal authentication. To learn more about the Connect-AzureAD cmdlet check the Microsoft documentation.

If you connected successfully to AzureAD it should display the message below.

Now that you are connected to the AzureAD you have two options; We can ran a command to check the Password never expires setting for an individual user accountor to list the settings for all user accounts.

To see if a single user’s password is set to never expire, run the following cmdlet by using the UPN (example, or the user ID of the user you want to check:

Get-AzureADUser -ObjectId | Select-Object @{N=”PasswordNeverExpires”;E={$_.PasswordPolicies -contains “DisablePasswordExpiration”}}

To see all users’s Password never expires setting, run the following cmdlet:

Get-AzureADUser -All $true | Select-Object UserPrincipalName, @{N=”PasswordNeverExpires”;E={$_.PasswordPolicies -contains “DisablePasswordExpiration”}}

After you finish working with AzureAD remember to Disconnect your session from the tenant.Use the Disconnect-AzureAD cmdlet which disconnects the current session from the Azure Active Directory tenant.