🎉 Our Office 365 Reporting Tool is now available in Azure Marketplace 🚀
This website uses cookies to improve your experience. We'll assume you're ok with this. Know more.

How to Check Users Last Password Change Date in Microsoft 365

Are you spending hours tracking the last password change date and time for each account? There’s a better way! This guide will show you how to efficiently identify the last password change date and time to identify users with expiring passwords. Explore techniques to proactively manage password lifecycles, prevent lockouts, and keep your users productive.

Native Solution

Microsoft 365 Permission Required

High

Global Admin, Help Desk Admin, Password Admin.

Option 1 Using Microsoft Entra Admin Center

  • Sign in to the Microsoft Entra admin center.
  • Navigate to All users tab under Users» Active Users.
  • Click on Manage view and select Edit columns.
  • Choose Last password change date time from the 'Edit column' page and save the view.
  • You can now view the 'Last password change date time' for every user in the tenant.
Using Microsoft Entra Admin Center

Option 2 Using Windows PowerShell

  • Follow the steps suggested below to get users last password change date time in your organization using PowerShell.
  • Connect to Microsoft Graph PowerShell using the below cmdlet.
  • Windows PowerShell Windows PowerShell 
     Connect-Graph -Scopes User.Read.All, Organization.Read.All
  • Run the following cmdlet to get Microsoft 365 users last password change date.
  • Windows PowerShell Windows PowerShell 
     Get-MgUser  -all -Property DisplayName, UserPrincipalName, LastPasswordChangeDateTime  | Select-Object -Property DisplayName, UserPrincipalName, LastPasswordChangeDateTime
Using Windows PowerShell

Option 3 Using PowerShell Script

  • Despite the admin center and PowerShell cmdlets providing the last password change date and time, generating insightful password reports will be challenging.
  • Our PowerShell script offers a significant enhancement over existing methods by providing password change dates in a more user-friendly format.
  • Additionally, it enriches the data with vital insights such as days since password last set, password expiry date, days since expiry/days to expiry, etc.
  • Download the script and run it in Administrator PowerShell.
PasswordExpiryReport.ps1
Using PowerShell Script
AdminDroid Solution
More than 150 reports are under the free edition.

Microsoft 365 Permission Required

Delegated

Any user with report access assigned by Super Admin.

StepsUsing AdminDroid

ad
  • Login to the AdminDroid Office 365 portal.
  • Navigate to the Recent Password Changers report under Reports»Security»Password Reports.
Using AdminDroid

Export the users last password change date time, expiration date, etc., to a CSV file or in any other preferred format.

combo-view
  • Easily track never changed password users, those with expired passwords, and daily password change counts with our built-in graphs.
geo-map
birds-eye-chart
donut
exported-excel
pie-chart
alert
Explore a full range of reporting options

Level up your security with clear M365 password reports!

Don't get locked out ! Keep your users' account secure by checking their last password change date with AdminDroid's Microsoft 365 password reports effectively.

Witness the report in action using the

Live Demo

Important Tips

Enable Self-Service Password Reset (SSPR) in Microsoft 365 to empower users to reset their passwords and reduce administrative dependence.

Strengthen your Microsoft 365 password policy by leveraging Azure AD Password Protection and elevate password security.

Ensure password security with Microsoft 365 smart lockouts to prevent brute force attacks and credential stuffing.

Azure ADManage User Passwords Effectively with Password Reports in Microsoft 365

Showing 1 of 5
How to find password never changed users in M365? How to identify users with passwords older than 90 days using PowerShell? How to force password change for all users in Microsoft 365? How to enable self-service password reset (SSPR) in Microsoft 365? How to send password expiry notification to M365 admins?

How to find password never changed users in M365?

Micriosoft 365 users who never change their passwords pose a significant security risk due to increased vulnerability to credential theft and compliance violations. So, it is mandatory to check password changes regularly.

There is no exact method or option to find a user who never changed a password in Microsoft 365. However, we can identify those users by comparing the Last password change date time and Created date time columns.

Follow the below steps.

  • Sign in to the Microsoft Entra admin center.
  • Navigate to the 'All users' tab under Identity»Users.
  • Click on 'Manage view' and select 'Edit columns'.
  • Choose 'Created date time' and 'Last password change date time' from the Edit column page and save the view.
password-never-changed-user-faq1

By using AdminDroid's Password Never Changed Users report, identify and address accounts with outdated credentials effectively.

  • It gives details, such as UPN, Microsoft 365 user creation time, password expiration date, weak password status, etc.
  • You can save the report in your local using 'Download/Export' option.
pass-nc-ad-faq1

How to identify users with passwords older than 90 days using PowerShell?

Many organizations enforce password policies requiring users to change their passwords every 90 days or (appx 3 months). However, some users may not consistently adhere to these guidelines. This lack of compliance can lead to account lockouts and decreased productivity, posing security risks.

There is no direct method to find password age. However, we can find the users who haven't changed their passwords for the last 90 days using PowerShell.

Connect to the Microsoft Graph module and run the below cmdlets.

Connect-MgGraph
$PolicyDays = (Get-Date).AddDays(-90)
$users=Get-MgBetaUser -All -Property DisplayName, UserPrincipalName, LastPasswordChangeDateTime, PasswordPolicies |  Where-Object {$_.LastPasswordChangeDateTime -lt $PolicyDays } $users | Select-Object DisplayName, UserPrincipalName, LastPasswordChangeDateTime

Using AdminDroid's Password Not Changed in 90 Days report, you can easily track the users who have not changed their password in the last 90 days, ensuring timely updates for better security.

  • Beyond the standard 90-day cycle, the report interface allows you to filter users with password ages greater than 30, 60, 90, 180, or any custom duration as per your organization’s policy.
  • This flexibility ensures that you can effectively monitor and manage password policies tailored to your security requirements.
password90days-faq2

How to force password change for all users in Microsoft 365?

When Microsoft 365 users are attempting to sign in with incorrect passwords or accessing from restricted locations, the first line of defense is to enforce a password reset. This prevents unauthorized access of an attacker who guessed a previously used password.

Run the following cmdlet to force a password change for all M365 users.

Connect-MgGraph -Scopes User.ReadWrite.All $Allusers = Get-Mguser –all         $PasswordProfile =@{ForceChangePasswordNextSignIn=$true} Foreach ($user in $Allusers) {$upn=$user.UserPrincipalName Update-MgUser  –UserId $upn            -PasswordProfile  $PasswordProfile}

Run the below cmdlet to force change password for a single M365 user.

Connect-MgGraph -Scopes User.ReadWrite.All      $PasswordProfile=@{ForceChangePasswordNextSignIn=$true} Update-MgUser -UserId <UPN> -PasswordProfile  $PasswordProfile

Admins enforce Microsoft 365 password resets for ensuring security, compliance, and preventing unauthorized access.

  • Use AdminDroid's Password Reset by Admin report to proactively monitor the user password reset events forced by admins in your organization.
  • You can also set this report to send real-time alerts using AdminDroid's alerting capability. This can deter attackers who might attempt to gain unauthorized access through brute-force attacks or compromised credentials.
pass-reset-admin-faq3

How to enable self-service password reset (SSPR) in Microsoft 365?

When users forget their passwords or if their accounts are locked out, SSPR enables them to quickly reset their passwords and regain access to their accounts. This reduces downtime and improves productivity. Follow the steps to enable SSPR for users in your M365 environment.

  • Access the Microsoft Entra admin center with a global administrator account.
  • Navigate to Protection and locate Password reset.
  • Select SSPR for everyone (all users) or SSPR for specific user groups only (selected groups).
  • Click Save to activate SSPR. You can also choose to send notifications about this change to all admin.
sspr-faq4

Using AdminDroid's Self Service Password Resets report, you can get a list of Office 365 user accounts that have undergone self-service password resets.

  • It shows the password reset time along with the result status, etc.
  • By analyzing this report, admins can monitor all self-service password resets and prevent unauthorized usage of user accounts.
sspr-droid-faq4

How to send password expiry notification to M365 admins?

When considering the implementation of password expiration emails for M365 users, it's vital to understand the current landscape, password expiration notifications are no longer supported within the Microsoft 365 admin center and Microsoft 365 apps.

If a user fails to reset their password before the expiry date, it can result in an account lockout, which in turn reduces user productivity.

Fortunately, AdminDroid automates notifications for admins to identify users nearing Password Expiration.

you can easily schedule reports to run in advance of password expiration, selecting from choices like seven days in advance or tailoring them to meet their unique needs. This feature enhances security measures while providing administrators with flexibility and ease of management.

  • Login to AdminDroid Office 365 Reporter.
  • Go to Reports»Security»Password Reports and select the Soon to Password Expire Users.
  • Use the 'Days to Password Expiry' filter and fill the number of days before which you want to get notified regarding the user's password expiry.
  • Schedule the report and get a list of users whose passwords will expire, sorted based on the number of days till password expiry.

exp-not-faq5

AdminDroid Microsoft 365 Password ReportingStay Secure: Track M365 Password Changes with Ease

Leverage user protection and organization security with AdminDroid's password reporting and notifications.

AdminDroid’s Recent Password Changers report offers a detailed view, including password last changed, password expiry status, and password expiry date, and analyse how frequently users have changed their passwords.

A Quick Summary

User-Friendly Password Dashboard Oversight

Get a clear view of your user password changes using Microsoft 365 password dashboard. Quickly boost security with actionable insights.

Delegate Admin for Password Reports

With AdminDroid, you can delegate granular access to any Microsoft 365 user solely for monitoring password changes.

Audit All Password Activities in Single Report

Discover all Microsoft 365 password change audit events in your organization. Admins can utilize this data to prevent unnecessary password changes and resets.

Generate Alerts on Unusual Password Changes

Enhance security by implementing alert policies to monitor and identifying unusual password changes by users.

Track M365 Admin Password with Precision

Track admins with password set to never expire along with their last password change dates and assigned admin roles.

Ensure GLBA Password Compliance

AdminDroid provides a suite of password-related reports essential for GLBA Compliance Audit on its dedicated report board.

AdminDroid makes it easier to retrieve last password changed date, password expiry date and other useful Microsoft 365 password information. With easy access to advanced password and security reports, administrators can take the initiative to enhance Microsoft 365 security.

Kickstart Your Journey with AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities!

Download

Common Errors and Resolution Steps while checking last password change date time of Microsoft 365 users.

The following are possible errors and troubleshooting hints while dealing with last password change date time.

Error: Connect-Graph: The term 'Connect-Graph' is not recognized as the name of a cmdlet, function, script file, or operable program.

This error usually occurs when executing an unrecognized cmdlet or function, often associated with Microsoft Graph API, indicating it's not available or properly installed.

Troubleshooting hint :Install and import the Graph module properly. 

Install-Module Microsoft.Graph
Import-Module Microsoft.Graph

Error: ./PasswordExpiryReport.ps1 cannot be loaded because running scripts is disabled on this system.

This error occurs when trying to run the script. The execution policy is set to “strict” by default to prevent scripts from running.

Troubleshooting hint :To resolve this error, you can set the execution policy to run the script. 

Set-ExecutionPolicy -ExecutionPolicy Unrestricted

Error: Update-MgUser: Insufficient privileges to complete the operation.

This error occurs when the user connects to the Graph PowerShell module without the required permissions.

Troubleshooting hint :Connect to the Microsoft Graph module with global admin or security admin privileges. 

Connect-MgGraph -Scopes "User.ReadWrite.All","Group.ReadWrite.All"

Error: Microsoft.Graph.PowerShell.Models.MicrosoftGraphUser' does not exist or one of its queried reference-property objects are not present.

This error is due to specified user ID might be incorrect or does not exist in the directory.

Troubleshooting hint :Ensure the user ID is valid and exists in your Microsoft Graph directory.