Office 365 Password Policy returns Empty Values in PowerShell

o365-logo1Regular readers will be aware of a script I wrote some time ago to remind people to change their password, sending them an email when it was due to be changed. I wanted to extend this up to Office 365 but at the time, when I checked it out the relevant data was not exposed by using the Get-MSOLPasswordPolicy cmdlet. Or so I thought.

Whilst chatting with co-conspirator Tim Barrett yesterday he sent me a link to Spice Works where someone named bbeckers had indeed published a modified version of my original script that was talking to Office 365, and, to my surprise was dated back in 2016.

Of course I wanted to try it out, but on my production tenant, the information returned from Get-MSOLPasswordPolicy was an error saying ‘You do not have permission to call this cmdlet’

Permisison Denied

I tried a client tenant, and the values were exposed correctly.

This reminded me of previous attempts at getting this working, where I wondered if the reason for not displaying the values was that I had my tenant linked to Azure AD, and therefore perhaps an Azure AD password policy was being applied, which was not exposed by PowerShell, so I logged into Azure AD using PowerShell and searched and searched for a cmdlet that would expose the values I was looking for.

In the end i gave up and opened a support case with Office 365 Support.

The first response was ‘You need to be a Global Administrator’, I thought well obviously I am using a Global Administrator, but when I doubled checked, I was not.

I had customised the roles available to this User. So I set it back to a Global Administrator, and tested again.

This time I was shown an empty Password Policy.

Null Value

Replying to my Office 365 Engineer, I was told ‘Null values are returned when the default settings are in use’.

So changing one of the values in the Password Policy, and then running the command correctly exposes the settings.

Non Default

Simple when you know why.

About Robert Pearman
Robert Pearman is a UK based Small Business Server enthusiast. He has been working within the SMB IT Industry for what feels like forever. Robert likes Piña colada and taking walks in the rain, on occasion he also enjoys writing about Small Business Technology like Windows Server Essentials or more recently writing PowerShell Scripts. If you're in trouble, and you can find him, maybe you can ask him a question.

5 Responses to Office 365 Password Policy returns Empty Values in PowerShell

  1. rlikis says:

    Robert, you are the most helpful individual online…thank you. I need your help…if you please. My PC turns WiFi off every time Windows 10 updates. I am forced to roll back the build to an earlier one in order to turn my WiFi back on. If i do not roll back my W-10 and turn on WiFi manually…after 5 seconds my PC turns it back off. Frustrated…6 months now. This last update will not allow me to go back?

  2. Antonio says:

    Hi Robert – Love this post and I have been using the SpiceWorks script for over a year with no issue. However – I need to enable MFA on the account I use for the script. Would you know how that would be possible? i was thinking of trying it with the app password, but i haven’t had any luck. Would love some advice from that brain of yours please

Leave a reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: