Yes. Users with passwords that are flagged to ‘never expire’, but are being monitored by Enzoic, are still subject to policy enforcement. 


For example, if you have a user with a password set to ‘never expire’, but at some point their password becomes compromised, they will still be forced to reset (if this is the policy you have set up in the Enzoic console).


Additionally, if a password is set to ‘never expire’ and the user is forced to change their password, Windows will disable the 'never expire' flag within ADUC, and it will need to be reset manually.


If you have users that truly need their passwords to never expire (even if compromised), we suggest excluding them from being monitored within the Enzoic Console.