Office 365 Password Policy returns Empty Values in PowerShell
July 5, 2018 5 Comments
Regular readers will be aware of a script I wrote some time ago to remind people to change their password, sending them an email when it was due to be changed. I wanted to extend this up to Office 365 but at the time, when I checked it out the relevant data was not exposed by using the Get-MSOLPasswordPolicy cmdlet. Or so I thought.
Whilst chatting with co-conspirator Tim Barrett yesterday he sent me a link to Spice Works where someone named bbeckers had indeed published a modified version of my original script that was talking to Office 365, and, to my surprise was dated back in 2016.
Of course I wanted to try it out, but on my production tenant, the information returned from Get-MSOLPasswordPolicy was an error saying ‘You do not have permission to call this cmdlet’
I tried a client tenant, and the values were exposed correctly.
This reminded me of previous attempts at getting this working, where I wondered if the reason for not displaying the values was that I had my tenant linked to Azure AD, and therefore perhaps an Azure AD password policy was being applied, which was not exposed by PowerShell, so I logged into Azure AD using PowerShell and searched and searched for a cmdlet that would expose the values I was looking for.
In the end i gave up and opened a support case with Office 365 Support.
The first response was ‘You need to be a Global Administrator’, I thought well obviously I am using a Global Administrator, but when I doubled checked, I was not.
I had customised the roles available to this User. So I set it back to a Global Administrator, and tested again.
This time I was shown an empty Password Policy.
Replying to my Office 365 Engineer, I was told ‘Null values are returned when the default settings are in use’.
So changing one of the values in the Password Policy, and then running the command correctly exposes the settings.
Simple when you know why.
Robert, you are the most helpful individual online…thank you. I need your help…if you please. My PC turns WiFi off every time Windows 10 updates. I am forced to roll back the build to an earlier one in order to turn my WiFi back on. If i do not roll back my W-10 and turn on WiFi manually…after 5 seconds my PC turns it back off. Frustrated…6 months now. This last update will not allow me to go back?
What hardware do you have, is there updated drivers for the Wi-fi card?
Hi Robert – Love this post and I have been using the SpiceWorks script for over a year with no issue. However – I need to enable MFA on the account I use for the script. Would you know how that would be possible? i was thinking of trying it with the app password, but i haven’t had any luck. Would love some advice from that brain of yours please
I’d expect the app password should work, I have used it to connect to 365 with an account that uses MFA before. Did you try setting an app password just for PowerShell?
I have but didn’t have much success unfortunately…