AADB2C: Password Expiration
Unlike Azure AD, B2C does not allow you to set a password expiration policy. Please allow similar capability in B2C to set both a password expiry as well as the length prior to a notice being sent to the user before their password expires.
This is not planned for the next 6 months, however it is on the roadmap.
Richard Beesley commented
Any update on this? Whilst I agree with @Bill regarding password expiry can cause weak passwords, there isn't enough in B2C to force stronger passwords at the moment.
If there were AAD features such as the globally banned list (https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad) then it would be more acceptable but at the moment I can still choose "P@ssw0rd" and pass the complexity rules.
has this feature been released ? is tehre a way to use MSOLservice to command B2C tenant local users ?
@Dennis: NIST no longer recommends a password expiry since it often results in worse passwords:
[Deleted User] commented
Can we get an update? Can this be done already in Azure AAD B2C ? I did a quick search an cannot find any documentation for this.