
Office 365: "invalid_grant" response is received every 15 days


Every 15 days we receive an "invalid_grant" response when our application tries to retrieve Contacts/Calendar Events from Office 365. We have verified the settings: the password policy is set to the default value (90), and the application's authorization has not been revoked from the Office 365 account. In addition, the user password has not been changed manually.

So any specific reason for this behavior?


Solution

  • Yes, there is a reason. If a user got locked out and had to reset his password, or there were any other invalid attempts to log in to Azure AD (which authenticates users against O365), this will invalidate the refresh token that your app has. Therefore, an application will handle the changed password (old refresh token) gracefully by throwing this error. In this case, your app should redirect the user to the authorization page to authenticate the user.

    Hope this helps.
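
The handling the answer describes, as an added example that is not part of the original post: classify the token endpoint's reply to a refresh request, discard the dead refresh token on `invalid_grant`, and send the user back through authorization. The client ID, redirect URI, `token_store` dictionary, function names and sample replies are assumptions made for illustration.

```python
import json
import secrets
from urllib.parse import urlencode

# Assumed values for illustration; use your own app registration's settings.
AUTHORIZE_ENDPOINT = "https://login.microsoftonline.com/common/oauth2/authorize"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"  # placeholder
REDIRECT_URI = "https://app.example/callback"       # placeholder

# Constructed token-endpoint replies (not captured from a real tenant).
SAMPLE_OK = '{"access_token": "at-1", "refresh_token": "rt-2"}'
SAMPLE_INVALID = '{"error": "invalid_grant", "error_description": "constructed"}'


def build_reauth_url(state):
    """Authorization-code request that sends the user back to sign in."""
    query = urlencode({
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "state": state,  # compared on the callback to bind it to this session
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}"


def handle_refresh_response(status, body, token_store, user_id):
    """Classify the reply to a refresh_token grant: ok, reauth or retry."""
    try:
        payload = json.loads(body)
    except ValueError:
        payload = None
    if not isinstance(payload, dict):
        return {"action": "retry"}  # unparseable body: treat as transient

    if status == 200 and "access_token" in payload:
        # Keep the replacement refresh token if the server issued one.
        if payload.get("refresh_token"):
            token_store[user_id] = payload["refresh_token"]
        return {"action": "ok", "access_token": payload["access_token"]}

    if payload.get("error") == "invalid_grant":
        # The stored refresh token is dead; retrying it cannot succeed.
        token_store.pop(user_id, None)
        state = secrets.token_urlsafe(16)
        return {"action": "reauth", "state": state,
                "url": build_reauth_url(state)}

    return {"action": "retry"}
```

The caller keeps the returned `state` in the user's session and rejects any callback whose `state` does not match it.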