Windows 10 supports two types of accounts. One is the classic local account available in all previous versions of Windows, while the other is the modern Microsoft account associated with the company's cloud services.
Prior to Windows 10 of the 1903 version, Microsoft used password expiration policies for better security dating to earlier versions of Windows NT.
This changes (at last) with the new version.
In short, Microsoft states:
If a password is violated, it should be changed immediately. If the password has not leaked, there is no need to change it. Temporary password change can cause users to forget their new password or write it somewhere (to remember it) from where it can be traced.
The official publication in the blog of the company says:
Why are we abolishing our password expiration policies?
First, to avoid inevitable misunderstandings, we are only talking about removing password termination policies, and we do not propose changes to the requirements for the minimum password length or complexity.
Periodic password expiration is a solution against the possibility of a password (or hash) being stolen during its validity period and used by an unauthorized entity. If the password is never stolen, you do not have to end it. And if you have proof that a password has been stolen, you would probably change it immediately rather than waiting for the fix to fix the problem.
Periodic password expiration is an ancient and outdated mitigation of very low value, and we do not think it is useful to impose it. At the same time, we should reiterate that we recommend the additional protections.
Therefore, password expiration policies will be past the upcoming version of Windows 10 1903.