🎉 Our Office 365 Reporting Tool is now available in Azure Marketplace 🚀
This website uses cookies to improve your experience. We'll assume you're ok with this. Know more.
Azure AD

How to Check Users Last Password Change Date in Microsoft 365

Are you spending hours tracking the last password change date and time for each account? There’s a better way! This guide will show you how to efficiently identify the last password change date and time to identify users with expiring passwords. Explore techniques to proactively manage password lifecycles, prevent lockouts, and keep your users productive.

Using Microsoft Entra Admin Center

Microsoft 365 Permission Required
Global Admin, Help Desk Admin, Password Admin.
  • Sign in to the Microsoft Entra admin center.
  • Navigate to All users tab under Users» Active Users.
  • Click on Manage view and select Edit columns.
  • Choose Last password change date time from the 'Edit column' page and save the view.
  • You can now view the 'Last password change date time' for every user in the tenant.
Using Microsoft Entra Admin Center

Using Windows PowerShell

Microsoft 365 Permission Required
Global Admin, Help Desk Admin, Password Admin.
  • Follow the steps suggested below to get users last password change date time in your organization using PowerShell.
  • Connect to Microsoft Graph PowerShell using the below cmdlet.
  • Windows PowerShell Windows PowerShell
     Connect-Graph -Scopes User.Read.All, Organization.Read.All
  • Run the following cmdlet to get Microsoft 365 users last password change date.
  • Windows PowerShell Windows PowerShell
     Get-MgUser  -all -Property DisplayName, UserPrincipalName, LastPasswordChangeDateTime  | Select-Object -Property DisplayName, UserPrincipalName, LastPasswordChangeDateTime
Using Windows PowerShell

Using PowerShell Script

Microsoft 365 Permission Required
Global Admin, Help Desk Admin, Password Admin.
  • Despite the admin center and PowerShell cmdlets providing the last password change date and time, generating insightful password reports will be challenging.
  • Our PowerShell script offers a significant enhancement over existing methods by providing password change dates in a more user-friendly format.
  • Additionally, it enriches the data with vital insights such as days since password last set, password expiry date, days since expiry/days to expiry, etc.
  • Download the script and run it in Administrator PowerShell.
Using PowerShell Script
PasswordExpiryReport.ps1

Stay Secure: Track M365 Password Changes with Ease

User-Friendly Password Dashboard Oversight

Get a clear view of your user password changes using Microsoft 365 password dashboard. Quickly boost security with actionable insights.

Delegate Admin for Password Reports

With AdminDroid, you can delegate granular access to any Microsoft 365 user solely for monitoring password changes.

Audit All Password Activities in Single Report

Discover all Microsoft 365 password change audit events in your organization. Admins can utilize this data to prevent unnecessary password changes and resets.

Generate Alerts on Unusual Password Changes

Enhance security by implementing alert policies to monitor and identifying unusual password changes by users.

Track M365 Admin Password with Precision

Track admins with password set to never expire along with their last password change dates and assigned admin roles.

Ensure GLBA Password Compliance

AdminDroid provides a suite of password-related reports essential for GLBA Compliance Audit on its dedicated report board.

AdminDroid makes it easier to retrieve last password changed date, password expiry date and other useful Microsoft 365 password information. With easy access to advanced password and security reports, administrators can take the initiative to enhance Microsoft 365 security.

Explore a full range of reporting options

Important Tips

Enable Self-Service Password Reset (SSPR) in Microsoft 365 to empower users to reset their passwords and reduce administrative dependence.

Strengthen your Microsoft 365 password policy by leveraging Azure AD Password Protection and elevate password security.

Ensure password security with Microsoft 365 smart lockouts to prevent brute force attacks and credential stuffing.

Common Errors and Resolution Steps

The following are possible errors and troubleshooting hints while dealing with last password change date time.

Error Connect-Graph: The term 'Connect-Graph' is not recognized as the name of a cmdlet, function, script file, or operable program.

This error usually occurs when executing an unrecognized cmdlet or function, often associated with Microsoft Graph API, indicating it's not available or properly installed.

Fix Install and import the Graph module properly.
Install-Module Microsoft.Graph
Import-Module Microsoft.Graph

Error ./PasswordExpiryReport.ps1 cannot be loaded because running scripts is disabled on this system.

This error occurs when trying to run the script. The execution policy is set to “strict” by default to prevent scripts from running.

Fix To resolve this error, you can set the execution policy to run the script.
Set-ExecutionPolicy -ExecutionPolicy Unrestricted

Error Update-MgUser: Insufficient privileges to complete the operation.

This error occurs when the user connects to the Graph PowerShell module without the required permissions.

Fix Connect to the Microsoft Graph module with global admin or security admin privileges.
Connect-MgGraph -Scopes "User.ReadWrite.All","Group.ReadWrite.All"

Error Microsoft.Graph.PowerShell.Models.MicrosoftGraphUser' does not exist or one of its queried reference-property objects are not present.

This error is due to specified user ID might be incorrect or does not exist in the directory.

Fix Ensure the user ID is valid and exists in your Microsoft Graph directory.

Frequently Asked Questions

Manage User Passwords Effectively with Password Reports in Microsoft 365

How to find password never changed users in M365?

How to find password never changed users in M365? +

Micriosoft 365 users who never change their passwords pose a significant security risk due to increased vulnerability to credential theft and compliance violations. So, it is mandatory to check password changes regularly.

There is no exact method or option to find a user who never changed a password in Microsoft 365. However, we can identify those users by comparing the Last password change date time and Created date time columns.

Follow the below steps.

  • Sign in to the Microsoft Entra admin center.
  • Navigate to the 'All users' tab under Identity»Users.
  • Click on 'Manage view' and select 'Edit columns'.
  • Choose 'Created date time' and 'Last password change date time' from the Edit column page and save the view.
password-never-changed-user-faq1

By using AdminDroid's Password Never Changed Users report, identify and address accounts with outdated credentials effectively.

  • It gives details, such as UPN, Microsoft 365 user creation time, password expiration date, weak password status, etc.
  • You can save the report in your local using 'Download/Export' option.
pass-nc-ad-faq1

How to identify users with passwords older than 90 days using PowerShell?

How to identify users with passwords older than 90 days using PowerShell? +

Many organizations enforce password policies requiring users to change their passwords every 90 days or (appx 3 months). However, some users may not consistently adhere to these guidelines. This lack of compliance can lead to account lockouts and decreased productivity, posing security risks.

There is no direct method to find password age. However, we can find the users who haven't changed their passwords for the last 90 days using PowerShell.

Connect to the Microsoft Graph module and run the below cmdlets.

Connect-MgGraph
$PolicyDays = (Get-Date).AddDays(-90)
$users=Get-MgBetaUser -All -Property DisplayName, UserPrincipalName, LastPasswordChangeDateTime, PasswordPolicies |  Where-Object {$_.LastPasswordChangeDateTime -lt $PolicyDays } $users | Select-Object DisplayName, UserPrincipalName, LastPasswordChangeDateTime

Using AdminDroid's Password Not Changed in 90 Days report, you can easily track the users who have not changed their password in the last 90 days, ensuring timely updates for better security.

  • Beyond the standard 90-day cycle, the report interface allows you to filter users with password ages greater than 30, 60, 90, 180, or any custom duration as per your organization’s policy.
  • This flexibility ensures that you can effectively monitor and manage password policies tailored to your security requirements.
password90days-faq2

How to force password change for all users in Microsoft 365?

How to force password change for all users in Microsoft 365? +

When Microsoft 365 users are attempting to sign in with incorrect passwords or accessing from restricted locations, the first line of defense is to enforce a password reset. This prevents unauthorized access of an attacker who guessed a previously used password.

Run the following cmdlet to force a password change for all M365 users.

Connect-MgGraph -Scopes User.ReadWrite.All $Allusers = Get-Mguser –all         $PasswordProfile =@{ForceChangePasswordNextSignIn=$true} Foreach ($user in $Allusers) {$upn=$user.UserPrincipalName Update-MgUser  –UserId $upn            -PasswordProfile  $PasswordProfile} 

Run the below cmdlet to force change password for a single M365 user.

Connect-MgGraph -Scopes User.ReadWrite.All      $PasswordProfile=@{ForceChangePasswordNextSignIn=$true} Update-MgUser -UserId <UPN> -PasswordProfile  $PasswordProfile

Admins enforce Microsoft 365 password resets for ensuring security, compliance, and preventing unauthorized access.

  • Use AdminDroid's Password Reset by Admin report to proactively monitor the user password reset events forced by admins in your organization.
  • You can also set this report to send real-time alerts using AdminDroid's alerting capability. This can deter attackers who might attempt to gain unauthorized access through brute-force attacks or compromised credentials.
pass-reset-admin-faq3

How to enable self-service password reset (SSPR) in Microsoft 365?

How to enable self-service password reset (SSPR) in Microsoft 365? +

When users forget their passwords or if their accounts are locked out, SSPR enables them to quickly reset their passwords and regain access to their accounts. This reduces downtime and improves productivity. Follow the steps to enable SSPR for users in your M365 environment.

  • Access the Microsoft Entra admin center with a global administrator account.
  • Navigate to Protection and locate Password reset.
  • Select SSPR for everyone (all users) or SSPR for specific user groups only (selected groups).
  • Click Save to activate SSPR. You can also choose to send notifications about this change to all admin.
sspr-faq4

Using AdminDroid's Self Service Password Resets report, you can get a list of Office 365 user accounts that have undergone self-service password resets.

  • It shows the password reset time along with the result status, etc.
  • By analyzing this report, admins can monitor all self-service password resets and prevent unauthorized usage of user accounts.
sspr-droid-faq4

How to send password expiry notification to M365 admins?

How to send password expiry notification to M365 admins? +

When considering the implementation of password expiration emails for M365 users, it's vital to understand the current landscape, password expiration notifications are no longer supported within the Microsoft 365 admin center and Microsoft 365 apps.

If a user fails to reset their password before the expiry date, it can result in an account lockout, which in turn reduces user productivity.

Fortunately, AdminDroid automates notifications for admins to identify users nearing Password Expiration.

you can easily schedule reports to run in advance of password expiration, selecting from choices like seven days in advance or tailoring them to meet their unique needs. This feature enhances security measures while providing administrators with flexibility and ease of management.

  • Login to AdminDroid Office 365 Reporter.
  • Go to Reports»Security»Password Reports and select the Soon to Password Expire Users.
  • Use the 'Days to Password Expiry' filter and fill the number of days before which you want to get notified regarding the user's password expiry.
  • Schedule the report and get a list of users whose passwords will expire, sorted based on the number of days till password expiry.

exp-not-faq5
+

Kickstart Your Journey With
AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities

Download Now
User Help Manuals Compliance Docs
x
Delivering Reports on Time
Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid's Scheduling to your email anytime you need.
Delivering Reports on Time
Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add inteligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.
Set It, Schedule It, See Results- Your Reports, Your Way, On Your Time!
Time Saving
Automation
Customization
Intelligent Filtering
Give Just the Right Access to the Right People
Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.
Give Just the Right Access to the Right People
Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.
Align, Define, Simplify: AdminDroid's Granular Delegation
Smart Organizational Control
Effortless M365 Management
Simplified Access
Advanced Alerts at a Glance
Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.
Advanced Alerts at a Glance
Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.
AdminDroid Keeps You Always Vigilant, Never Vulnerable!
Proactive Protection
Real-time Monitoring
Security Intelligence
Threat Detection
Merge the Required Data to One Place
Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.
Merge the Required Data to One Place
This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.
Merge with Ease and Save as Views!
Custom Reporting
Unique View
Desired Columns
Easy Data Interpretation
Insightful Charts and Exclusive Dashboards
Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.
Insightful Charts and Exclusive Dashboards
With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.
Explore Your Microsoft 365 Tenant in a Whole New Way!
Executive overviews
Interactive insights
Decision-making
Data Visualization
Efficient Report Exporting for Microsoft 365
Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.
Efficient Report Exporting for Microsoft 365
Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.
Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!
Easy Export
Seamless Downloading
Data Control
Manage Microsoft 365

Get AdminDroid Office 365 Reporter Now!