We are currently investigating how we can best implement this feature.
An error occurred while saving the commentAnonymous commented
Holy freaking heck... this is annoying. Why would you even consider it a good idea to continue to allow expired users login rights? Talking about a bad freaking idea. MSFT - Honor OnPrem AD Password Expiration Dates... How hard is it?
In our support case, MSFT advises powershell to set users to blocked login until they change their password, and then wait for the script to run again to unblock them.