Home > Microsoft > Configure App Profiles or Service Account Profiles > Create Service Account Profiles > Password Limitations and Requirements of Microsoft 365 Accounts
Export to PDFPassword Limitations and Requirements of Microsoft 365 Accounts
The table below details the password limitations and requirements of Microsoft 365 accounts. Note that the password limitations and requirements are from Microsoft 365.
| Property | Requirements |
|---|---|
| Characters Allowed | ● A-Z● a-z● 0-9● @ # $ % ^ & * - _ ! + = [] {} |
| Characters Not Allowed | ● Unicode characters● Spaces● Strong passwords only: Cannot contain a dot character (.) immediately preceding the @ symbol. |
| Password Restrictions | ● Eight (8) characters to the minimum and sixteen (16) characters to the maximum● Strong passwords only: Three of the following are required:○ Lowercase characters○ Uppercase characters○ Numbers (0-9)○ Symbols (see the symbols listed in Characters Allowed above) |
| Password Expiry | By default, password expiry is enabled.If you want to disable it, navigate to Microsoft 365 > Admin center > Settings > Security & privacy > Password policy, click Edit, and then click the Off (.png "('image35', 'Button: Off')")) button. |
| Password Expiry Duration | By default, a password will expire in 90 days.If you want to change the duration, navigate to Microsoft 365 > Admin center > Settings > Security & privacy > Password policy, click Edit, and then modify the number in the Days before passwords expire field. |
| Password Expiry Notification | By default, a password expiry notification will be sent to users 14 days before the password expires.If you want to change the notification time, navigate to Microsoft 365 > Admin center > Settings > Security & privacy > Password policy, click Edit, and then modify the number in the Days before a user is notified about expiration field. |
On this page