Ensure the 'Password expiration policy' is set to 'Set passwords to never expire (recommended)'
Why This Matters
Enforcing a password expiration policy can lead to users creating weaker, predictable passwords that follow patterns based on the expiration cycle. Modern security research from organizations like NIST and Microsoft now recommends against mandatory password expiration, as it often undermines overall password security by encouraging reuse and simple variations.
What Aether365 Checks
This check verifies that the "Password expiration policy" in Microsoft 365 is configured to "Set passwords to never expire (recommended)". It appears in the Aether365 dashboard under the microsoft-365 category as part of the CIS benchmark.
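
One way to audit the same setting outside the dashboard, as an added example that is not Aether365's own code: it evaluates a Microsoft Graph `GET /v1.0/domains` response, where `passwordValidityPeriodInDays` equal to 2147483647 means passwords never expire. The sample response, the domain names and the "review" handling of federated domains are assumptions made for illustration.

```python
import json

NEVER_EXPIRE = 2147483647   # value Graph reports when passwords never expire
GRAPH_DEFAULT_DAYS = 90     # Graph's documented default when the property is unset

# Constructed sample of a GET /v1.0/domains response (not real tenant data).
SAMPLE_RESPONSE = json.dumps({
    "value": [
        {"id": "contoso.example", "authenticationType": "Managed",
         "isVerified": True, "passwordValidityPeriodInDays": 2147483647},
        {"id": "legacy.contoso.example", "authenticationType": "Managed",
         "isVerified": True, "passwordValidityPeriodInDays": 90},
        {"id": "unset.contoso.example", "authenticationType": "Managed",
         "isVerified": True, "passwordValidityPeriodInDays": None},
        {"id": "fed.contoso.example", "authenticationType": "Federated",
         "isVerified": True, "passwordValidityPeriodInDays": None},
    ]
})


def evaluate_domains(response_text):
    """Return {domain: (status, detail)} for each domain in a Graph response."""
    results = {}
    for domain in json.loads(response_text).get("value", []):
        name = domain["id"]
        if domain.get("authenticationType") == "Federated":
            # Assumption: password lifetime is enforced by the federated IdP,
            # so the domain is flagged for manual review instead of pass/fail.
            results[name] = ("review", "federated; check the identity provider")
            continue
        days = domain.get("passwordValidityPeriodInDays")
        if days is None:
            days = GRAPH_DEFAULT_DAYS  # an unset value still means expiry is on
        if days == NEVER_EXPIRE:
            results[name] = ("pass", "passwords never expire")
        else:
            results[name] = ("fail", f"passwords expire after {days} days")
    return results


def failing_domains(response_text):
    """Sorted list of domains that still enforce password expiration."""
    return sorted(d for d, (s, _) in evaluate_domains(response_text).items() if s == "fail")


if __name__ == "__main__":
    for name, (status, detail) in evaluate_domains(SAMPLE_RESPONSE).items():
        print(f"{status.upper():6} {name}: {detail}")
```

The setting is per domain, so a tenant with several verified domains passes only when every managed domain reports the never-expire value.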