Microsoft is removing its password expiration policy settings from Windows, starting with version 1903. Microsoft has reversed course on the best practices that it has had in place for decades and no longer recommends that organizations require users to change passwords periodically. The biggest issue related to required password changes is that frequent password expirations lead to users choosing weak passwords. Organizations should look for a password management solution that gives them the ability to block users from using passwords that are known to have been compromised. The best way to avoid this problem is to adopt a self-service password reset solution.
Source: https://thehackernews.com/2021/05/is-it-still-good-idea-to-require-users.html