If you work in a place with a lot of remote users and a password policy with expiration set then you need to give your users a way to reset their passwords. Microsoft ISA / TMG configured with forms based authentication were able to do this out of the box. The good news is Exchange 2010 and 2013 also have the capability, it just needs to be enabled. Change the following registry entry at your own risk.
Go to the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeOWA and then create the following REG_DWORD value if it doesn’t already exist ChangeExpiredPasswordEnabled. Once created set the DWORD value to 1.
Once you have done that simply recycle the OWA Web Application under IIS or give IIS itself a restart and your users will now be prompted to change their passwords if they are expired instead of having to call the IT helpdesk.