User passwords SHALL NOT expire.

Why This Matters

Expired passwords force users to reset credentials, which often leads to weaker passwords or help desk calls. Without expiration, users can set and remember complex, non-expiring passwords that reduce the risk of password-related breaches. This check helps you eliminate unnecessary password resets that can lower security posture.

What Aether365 Checks

Aether365 verifies that the tenant’s password policy is configured to never expire user passwords. This check appears in the Aether365 dashboard under the Entra ID service category.