Password Limitations and Requirements of Microsoft 365 Accounts

The table details the password limitations and requirements of Microsoft 365 accounts. Note that the password limitations and requirements are from Microsoft 365.

Property	Requirements
Characters Allowed	A-Z a-z 0-9 @ # $ % ^ & * - _ ! + = [] {} \| \ : ’ , . ? / ` ~ ” () ;
Characters Not Allowed	Unicode characters Spaces Strong passwords only: Cannot contain a dot character (.) immediately preceding the @ symbol.
Password Restrictions	Eight (8) characters is the minimum and sixteen (16) characters is the maximum Strong passwords only: Three of the following are required: Lowercase characters Uppercase characters Numbers (0-9) Symbols (see the symbols listed in Characters Allowed above)
Password Expiry	By default, password expiry is enabled. If you want to disable it, navigate to Microsoft 365 > Admin center > Settings > Security & privacy > Password policy, click Edit, and then click the Off button.
Password Expiry Duration	By default, a password will expire in 90 days. If you want to change the duration, navigate to Microsoft 365 > Admin center > Settings > Security & privacy > Password policy, click Edit, and then modify the number in the Days before passwords expire field.
Password Expiry Notification	By default, a password expiry notification will be sent to users 14 days before the password expires. If you want to change the notification time, navigate to Microsoft 365 > Admin center > Settings > Security & privacy > Password policy, click Edit, and then modify the number in the Days before a user is notified about expiration field.