Does your company have a policy expiration or rotation policy for email or other sensitive logins. Microsoft has actually stopped recommending rotating passwords. This is from the Office admin portal:
In the past, Microsoft advised admins to make users change their passwords frequently. However, more recent research shows this was ineffective, as users tended to choose passwords that they could remember more easily, which also made their passwords easier for hackers to guess. Setting passwords to never expire is more secure and leads to fewer work stoppages.We recommend adding password security in other ways, such as multi-factor authentication (MFA) and requiring special characters and varied casing in passwords.
We agree that there are better ways to secure your data, such as using 2-Factor Authentication and limiting admin access to those users who really need it.
If you need help securing Office 365 or your company’s other logins, we can help.