It looks like Microsoft has released the final version of the Windows 10 and Windows Server security configuration baseline settings. As stated, these settings are included as part of the Microsoft Security Compliance Toolkit.

One of the changes announced was the removal of the account password expiration policy. From what I have observed in my work experience, this is a good move. Forcing employees to change their passwords all the time does not result in improved security. When users are forced to change their passwords frequently, most users resort to doing something as simple as increasing the number or letter they have on the end of their passwords. Removing the expiration, or at the very least making expiration much less frequent, results in stronger user passwords.

These documents and Group Policy administrative templates are invaluable tools in hardening one’s Windows infastructure.