Where does the "Expiring Passwords" data come from? For example, my AD account is set to expire in a couple of days, so I would expect to see it in this list but it's not there. Does this list populate off of an account's actual expiration date? Or is it populated based on the Password Policy and the last password reset done in the Via interface?
The latter. The product does not collect info about passwords from endpoints. So the expiration is based on the password policy and the last time it was reset through the product.