0

Question: In Azure SQL Managed Instance, what is the procedure for setting Password Expiration when using Azure Active Directory (AAD) Authentication? As shown below, in SSMS, I see Password Expiration option is grayed out:

enter image description here

nam
  • 21,967
  • 37
  • 158
  • 332

1 Answers1

0

To set Password expiration policy for Azure AD user accounts, you need to have Global Administrator role on your tenant.

If you don't have that role, contact admin and get yourself assigned with Global Administrator role like below:

Go to Azure Portal -> Azure Active Directory -> Users -> Select user -> Assigned roles -> Add assignments

enter image description here

Login to Microsoft 365 admin center with above Global admin credentials and follow below steps to set password expiration policy:

Go to Microsoft 365 admin center -> Settings -> Org settings -> Security & privacy

enter image description here

By default, this option is set to passwords never expire for entire organization like below:

enter image description here

If you want to set password expiration for particular number of days, uncheck the box and enter the number like below:

enter image description here

If you want to set password expiration policy for specific user, you can use below PowerShell commands:

Connect-AzureAD

#To check the expiration policy for a password of specific user
Get-AzureADUser -ObjectId <userID/UPN> | Select-Object UserprincipalName,@{
    N="PasswordNeverExpires";E={$_.PasswordPolicies -contains "DisablePasswordExpiration"}  
}  

#To set password to expire
Set-AzureADUser -ObjectId <userID/UPN> -PasswordPolicies None 

Response:

enter image description here

Reference: Set an individual user's password to expire - Microsoft

Sridevi
  • 10,599
  • 1
  • 4
  • 17