This website uses cookies to improve your experience. We'll assume you're ok with this. Know more.

How to Check Password Expiry Date in Microsoft 365

Has your Microsoft 365 account ever been locked out due to an expired password? This can be a frustrating experience, particularly when you are in the midst of handling high priority projects. No need to worry! We've crafted an easy guide on how to get the password expiry report and swiftly change passwords before expiry to avoid account lockouts.

Native Solution

Microsoft 365 Permission Required


Global Admin or Security Admin.

Option 1 Using Microsoft 365 admin center

To find last password change date in Office 365:
  • Sign in to the Microsoft Entra admin center.
  • Go to the 'All Users' tab under Identity»Users.
  • Select the desired user and click on the 'Properties' tab.
  • In this tab, you can see the 'Last password change date time' of the user.
Using Microsoft 365 admin center
To find domain password expiration policy:
  • Login to the Microsoft 365 admin center.
  • Navigate to 'Org settings' under 'Settings' in the left navigation pane.
  • Click 'Password expiration policy' under Security & privacy tab.
  • If your organization has a specific password policy, you can find the number of days configured in the policy.
  • Thus, there is no direct method available to find password expiry date for Microsoft 365 users. You need to manually calculate it using user’s last password change date and domain’ password policy.

Option 2 Using PowerShell Script

  • To simplify the difficulties in the native solution, we’ve crafted the unified script to check password expiration in PowerShell and export other Microsoft 365 password-related reports.
  • Download and run the following script in the Administrator PowerShell.
Using PowerShell Script
AdminDroid Solution
More than 150 reports are under free edition.

Microsoft 365 Permission Required

Any user with report access delegated by the Super Admin.

StepsUsing AdminDroid Office 365 Reporter

  • Login to the AdminDroid Office 365 Reporter.
  • Navigate to the 'Users with Password Expiry' report under Reports»Security»Password Reports.
Using AdminDroid Office 365 Reporter

You can check password expiration date of all Microsoft 365 users along with their password last changed date, password expiry status, etc.

  • With AdminDroid’s AI powered charts, effortlessly visualize the password expiration dates and the number of Microsoft 365 users with expiring passwords.

Get password expiration date for all Microsoft 365 users in a single view!

Don’t forget to update your password before it expires. Prevent account lockout with AdminDroid’s Microsoft 365 password reports effectively!

Witness the report in action using the

Important Tips

Ensure strong password security with Microsoft 365 smart lockouts to prevent brute force attacks and credential stuffing.

Admins should consider adding alternate email addresses to users. This helps to send password reset messages to those emails when the user's password expires.

Set up Entra ID password policies in Microsoft 365 for robust security. Prevent users from selecting weak or easily guessable passwords.

Azure ADMonitor Password Expiration Date to Prevent Account Lockouts in Microsoft 365

Showing 1 of 5

Does Microsoft 365 password expire?

By default, passwords are set to never expire in all Microsoft 365 organizations. However, it is advisable to change passwords regularly to bypass account compromises.

If password expiration policy is configured with certain number of days, users' passwords will expire based on their individual last password change dates.

You can set the password expiration policy by following the steps below.

  • Login to the Microsoft 365 admin center.
  • Go to Settings»Org Settings tab.
  • Click on 'Password expiration policy' under the Security & privacy tab.
  • On the Password expiration policy page, uncheck the default checkbox to set password expiration policy in your organization.
  • Set the desired number of days (between 14 to 730) and click Save. This determines the password expiration duration.

Also, admins must note that Microsoft Entra ID has default password policies to ensure strong and complex passwords, when users reset their passwords. Admins cannot modify these default policies. However, they can ban custom passwords in Microsoft 365 to restrict users from using common passwords like company name, branch name, department name, etc.

AdminDroid's 'Password Policy' report makes it easy for admins to track the validity days configured using the password expiration policy.

  • This report provides password policies of multiple domains in your tenant with additional insights, including the number of policy-applied users, policy bypassed users, etc.
  • By utilizing the Download button, admins can effortlessly export the report in their preferred format to their local system.

How to change the expired password in Microsoft 365?

An expired password may lead to an account lockout in Microsoft 365, and you cannot access your account.

Users can reset expired passwords and regain access to their account using the steps below:

  • Sign in to using your work or school account.
  • Navigate to Settings»Password.
  • Enter your old password.
  • Create a new password and confirm it
  • Click Submit to complete the password change.

Note: Users can reset their own passwords using the above method only if your organization has enabled SSPR (Self Service Password Reset) for all users.

Admins can enable self-service password reset (SSPR) for users by following the steps below.

  • Sign in to Microsoft Entra admin center with a global admin account.
  • Navigate to 'Password Reset' under Protection.
  • Enable SSPR for 'Selected groups or All users' based on your requirements.
  • You can enable self-service password reset only for one Azure AD group in the Microsoft Entra admin portal.

Also, it is essential to monitor the user’s password changes to ensure only the required user’s password is modified, preventing any unusual password changes and detect password spray attacks in your organization.

With AdminDroid's 'User Password Changes' report, you can keep an eye on user password changes when their passwords expire in your organization.

  • This report provides valuable details like password changed users and result status. It help the admins to ensure only necessary password changes occur within the organization.

With AdminDroid Advanced Alerting, you can configure a threshold limit for password change activities and receive real-time notifications whenever unusual user password modifications occur in the organization.

How to set password expiration notification in Microsoft 365?

Setting up password expiration notifications in Microsoft 365 can prompt users to update their passwords before facing account lockouts.

Microsoft no longer supports password expiration notifications. Finding a workaround using the native solution is complicated and requires technical expertise. Also, it involves manual application addition, API permission assignment, certificate creation, client secret management, and script execution.

AdminDroid’s Quick schedule feature let admins to generate a weekly schedule, enabling them to effectively send password expiry notification to Microsoft 365 users.

  • Also, you can utilize AdminDroid's 'Soon To Password Expire Users' report that helps to find the list of all Microsoft 365 users whose passwords are about to expire soon.
  • It helps admins to prioritize these users for timely password expiry notifications.

This report includes user’s details such as UPN, Office 365 password expiration date, password expiration duration, last password change date, user sign-in status, license status, etc.

How to set never expire passwords in Office 365 for single user?

Password expiration policy would be useful to improve the security of Microsoft 365 users’ accounts. However, organizations may need some crucial accounts with set passwords to never expire status.

You can set password to never expire in Microsoft 365 for single user using the below Graph PowerShell cmdlet:

Connect-MgGraph -Scopes "User.ReadWrite.All", "Group.ReadWrite.All"

Update-MgUser -UserId <user ID> -PasswordPolicies DisablePasswordExpiration

Also, it is equally important to monitor accounts with passwords set to never expire, ensuring the security of these crucial accounts.

You can get all the users with password set to never expire using the below PowerShell cmdlet:

Get-MgUser -All -Property UserPrincipalName, PasswordPolicies | Select-Object UserprincipalName,@{N="PasswordNeverExpires"; E={$_.PasswordPolicies -contains "DisablePasswordExpiration"}}

However, Graph PowerShell methods require a technical understanding to get in-depth details of the users’ password expiry statuses and users with never expire passwords.

With AdminDroid’s 'Passwords Never Expire Users' report, you can effectively verify that only the approved and privileged users are configured with never expired passwords.

  • This report provides extensive details like last password changed date, admin roles, user added time and helps you to ensure only required users are configured with password never expires.

PRO TIP: You can directly email any of the reports in the required format from the report page itself, by clicking the mail icon (✉).

How to check user password expiry date in Microsoft 365?

Password expiry date in Microsoft 365 is not directly accessible since it depends on the number of days configured in the domain password policy. Also, the countdown to password expiration starts from the last time a user changed their password. Each user may have a different expiration date based on their individual password change history.

Therefore, to check the password expiration date in Office 365, manual calculation is required by comparing the days in the password expiration policy with the individual user's last password change date.

You can get password validity period of your organization’s password policy using the below PowerShell cmdlet.

Get-MgDomain -DomainID "<Domain name>" | select -Property Id, PasswordValidityPeriodInDays

You can find last password changed date in Office 365 using the Graph PowerShell cmdlet below.

Get-MgUser -All -Property DisplayName,lastPasswordChangeDateTime | select DisplayName,lastPasswordChangeDateTime

Additionally, you can check the leaked credential report in Microsoft Entra ID to validate the current security measures of user account passwords. It also helps you to identify and address any potential vulnerabilities or compromised credentials promptly.

Using the 'Users with Password Expiry' report, you can effortlessly find the accurate password expiration date of Microsoft 365 users without any manual calculation.

This report includes other necessary details such as the user’s last password changed date, password expiry status, etc.


PRO TIP: You can sort the report data in ascending or descending order by simply clicking the column heading. Here, you can click on 'Password Expiry Date' to arrange the data in ascending order to identify the users with earliest password expiration date.

AdminDroid Microsoft 365 Password ReportingEfficiently track password expiry date and policies with precise insights!

AdminDroid’s Microsoft 365 password reports offer a diverse range of details related to user passwords. This empowers you to obtain password expiration date of Microsoft 365 users, ensuring robust security and compliance in your organization.

Experience the efficient method to find user’s password expiration date with AdminDroid!

The 'Users with Password Expiry' report under Reports»Security»Password Reports gives you a clear picture of Microsoft 365 users whose passwords are about to expire. These insights display key details such as password expiry status, last password change date, and the remaining days until password expiry.

A Quick Summary

Account Lockout Transparency

AdminDroid Microsoft 365 reporter provides transparency into account lockout events, empowering admins to respond swiftly to any unusual activities.

Unusual Password Resets Detection

Safeguard your organization user accounts by tracking Microsoft 365 self-service password resets and prevent the unauthorized usage of the user account.

Optimized Security Information

Elevate your Microsoft 365 security with AdminDroid's advanced security reporting, gaining insights to shield against potential threats.

User-Friendly Password Dashboard Oversight

Gain extensive insights into organization-wide password status breakdowns with AdminDroid's Microsoft 365 password dashboard. Take swift actions to improve password security measures.

Expired Password Sign-In Alerts

Receive prompt notifications when Microsoft 365 users sign-in with expired passwords and safeguard your organization against any potential threats.

Consistent Password Expiry Review

Implement periodic review and update the list of admins with never expire passwords to align with organization security policies.

In conclusion, AdminDroid simplifies the challenges of getting password expiration dates and other valuable Microsoft 365 password reports. With quick access to advanced password and security related reports, admins can stay proactive in fortifying security in their Microsoft 365 environment.

Kickstart Your Journey with AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities!

Common Errors and Resolution Steps while checking Password Expiration date of Microsoft 365 users

The following are possible errors and troubleshooting hints while getting Microsoft 365 users’ password expiration date:

Error: Your password has expired. type your updated password and try again. You need to update your password because this is the first time you are signing in, or because your password has expired.

This error occurs when your account password expired due to password expiration policy of your organization.

Troubleshooting hint :Set the new password to login to your Microsoft 365 account.

Error: Update-MgUser : Insufficient privileges to complete the operation.

This error occurs when the user connects Graph PowerShell module without required permissions.

Troubleshooting hint :Connect the Microsoft Graph module with global admin or security admin privileges.

Connect-MgGraph -Scopes "User.ReadWrite.All","Group.ReadWrite.All"

Error: Get-MgBetaUser : The term 'Get-MgBetaUser' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

This error occurs when you run cmdlets without installing respective packages in PowerShell.

Troubleshooting hint :Install the Micrsoft Graph beta package by using the below PowerShell cmdlet.

Install-Module Microsoft.Graph.Beta

Error: You can’t reset your own password because the password reset isn’t properly set up for your organization.

This error occurs when users try to reset their password, when the self-service password reset is disabled in your organization.

Troubleshooting hint :You must contact your administrator to reset your password and to check your organization’s setup.

Error: Get-MgDomain : Resource '' does not exist or one of its queried reference-property objects are not present.

This error occurs when you enter an incorrect domain ID or incomplete domain ID like ‘’.

Troubleshooting hint :Enter complete domain name like ‘’ without any discrepancy.

Get-MgDomain -DomainID "<Domain name>" | select -Property Id, PasswordValidityPeriodInDays