A password policy can define the password characters' minimum length, when and if the password expires, and password strength. The password expiration policy determines the Days before passwords expire and the Days before a user is notified about expiration, as shown in the following screenshot:
The number of days before a password expires can range from 14 to 730 days, and the number of days before a user is notified can range from 1 to 30 days.
When an organization decides to sync user passwords from an on-premises Active Directory to Azure Active Directory, existing local password policies will govern the minimum requirements, such as the following:
- Length
- History
- Expiration time
- Complexity
Setting a simple password policy can help reduce user confusion and help desk support tickets within an organization.