Microsoft announced the configuration baseline settings draft release for Windows 10 v1903 (19H1) and Windows Server v 1903. Microsoft’s Aaron Margosis states that the password expiration mechanism which requires periodic password changes is in itself a flawed defense method. Once a password is stolen, mitigation measures should be taken immediately instead of waiting for it to expire as per the set expiration policy. The U.S. National Institute for Standards and Technology (NIST) also advised government organizations to remove password expiration policies and recommends forced password changes only after fraudulent activity is observed.
Source: https://www.bleepingcomputer.com/news/microsoft/windows-10-version-1903-drops-password-expiration-policies/