
Ensure the 'Password expiration policy' is set to 'Set passwords to never expire (recommended)'

Why This Matters

Forcing users to change passwords at regular intervals has been shown by NIST and Microsoft to reduce overall security. Users tend to choose weaker passwords or reuse minor variations when required to change frequently. This setting removes that arbitrary expiration, and combined with Multi-Factor Authentication and banned password lists, creates a stronger authentication posture.

What Aether365 Checks

Aether365 verifies that the password expiration policy in Microsoft Entra ID is set to never expire passwords for cloud-only accounts. This check appears in the Aether365 dashboard under the Entra ID security checks section (ID: ENTRA.1153).
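One way to confirm the same tenant setting independently with Microsoft Graph PowerShell. This is an added example, not Aether365's own check logic. It assumes the Microsoft.Graph module is installed; the helper name `Test-PasswordNeverExpires` and the sample domains are constructed for illustration.

```powershell
# Added example: classify each domain's password validity period.
# Test-PasswordNeverExpires is a hypothetical helper, not a Microsoft or Aether365 cmdlet.
$NeverExpires = 2147483647   # value Entra ID stores when passwords never expire

function Test-PasswordNeverExpires {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Domain
    )
    process {
        $days = $Domain.PasswordValidityPeriodInDays
        if ($Domain.AuthenticationType -eq 'Federated') {
            $status = 'NotApplicable'   # password policy is enforced by the federated IdP
        } elseif ($null -eq $days) {
            $status = 'Fail'            # unset: Graph documents a 90-day default
        } elseif ($days -eq $NeverExpires) {
            $status = 'Pass'
        } else {
            $status = 'Fail'            # any finite period forces rotation
        }
        $shown = if ($null -eq $days) { '(unset, 90-day default)' } else { $days }
        [pscustomobject]@{
            Domain       = $Domain.Id
            AuthType     = $Domain.AuthenticationType
            ValidityDays = $shown
            Status       = $status
        }
    }
}

# Constructed sample input so the logic can be exercised offline.
$sample = @(
    [pscustomobject]@{ Id = 'contoso.example';      AuthenticationType = 'Managed';   PasswordValidityPeriodInDays = 2147483647 }
    [pscustomobject]@{ Id = 'legacy.example';       AuthenticationType = 'Managed';   PasswordValidityPeriodInDays = 90 }
    [pscustomobject]@{ Id = 'new.example';          AuthenticationType = 'Managed';   PasswordValidityPeriodInDays = $null }
    [pscustomobject]@{ Id = 'fed.contoso.example';  AuthenticationType = 'Federated'; PasswordValidityPeriodInDays = $null }
)
$sample | Test-PasswordNeverExpires | Format-Table -AutoSize

# Against a live tenant (read-only; requires Connect-MgGraph -Scopes 'Domain.Read.All'):
# Get-MgDomain -All | Test-PasswordNeverExpires | Format-Table -AutoSize
```

Any managed domain reporting `Fail` still enforces a rotation period and would not satisfy this check.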

How to Fix

To configure passwords to never expire using the Microsoft 365 Admin Center:

Microsoft references
