🎉 Our Office 365 Reporting Tool is now available in Azure Marketplace 🚀
This website uses cookies to improve your experience. We'll assume you're ok with this. Know more.
Azure AD

How to Audit Forced Password Changes in M365

When a security breach occurs in your organization, an enforced password change is the first line of defense to safeguard your users' Microsoft account. However, forced password changes may sometimes fail, leaving a user compromised. To ensure the enforcement status, it’s crucial to audit these resets for users. In this guide, we'll learn how to effectively audit forced password changes in Microsoft 365.

Using Microsoft Purview Compliance Portal

Microsoft 365 Permission Required
View-only Audit Logs Role Least Privilege
Global Admin Most Privilege
  • Log in to the Microsoft Purview compliance portal.
  • Under the Solutions section, select Audit.
  • Customize the date and time as desired.
  • Select the following operation from the Activities-friendly names drop-down and click Search.

    Set property that forces user to change password

  • Once the search is complete, you can export the forced password change activity report.
Using Microsoft Purview Compliance Portal

Using Windows PowerShell

Microsoft 365 Permission Required
View-only Audit Logs Role Least Privilege
Global Admin Most Privilege
  • Connect to the Exchange Online PowerShell module using the below cmdlet.
  • Windows PowerShell Windows PowerShell
     Connect-ExchangeOnline
  • Run the below cmdlet to audit all forced password changes in Microsoft 365.
  • Windows PowerShell Windows PowerShell
     Search-UnifiedAuditLog -StartDate <yyyy-mm-dd> -EndDate <yyyy-mm-dd> -Operations "Set force change user password" -ResultSize 5000 | ForEach-Object { [PSCustomObject]@{ CreationDate = $_.CreationDate; Operations = $_.Operations; "Performed On" = ($_.AuditData | ConvertFrom-Json).ObjectId; "Initiated By" = $_.UserIds } } | Format-Table
Using Windows PowerShell

Defend your Microsoft 365 account with comprehensive auditing of forced password changes!

AdminDroid’s Azure AD auditing tool strengthens your security framework by offering insightful reports on password changes and resets in Microsoft 365.

Visualize All Your Password Changes with Engaging Dashboard

Use AdminDroid's Microsoft 365 password dashboard to gain a clear view of user password changes and quickly enhance security with actionable insights.

Track Users with Unchanged Passwords Through AdminDroid

Identify users with unchanged passwords in M365 to eliminate security threats by enforcing a password change for Microsoft 365 accounts.

Comprehensive Audit of All Password Changes

Examine all password changes in a single report to prevent unnecessary changes and analyze the history by exporting the data.

Stay ahead of Your Password Expiration Dates with AdminDroid

Check password expiry dates for M365 users in advance to ensure timely password updates and minimize the risk of disruptions to their accounts.

Be Alerted to Forced Password Changes

With AdminDroid's default alert template, you can easily set alerts to receive instant notifications for forced password resets by admins which enable quick responses during critical user access emergencies.

Monitor Last Password Change Time to Identify Stale Passwords

By checking the last password change date and time, you can identify how frequently users update their passwords. This reduces the risk of security breaches caused by stale passwords.

In summary, AdminDroid’s Azure AD management tool provides valuable insights into your organization's password change activities and helps strengthen your security measures within Microsoft 365.

Explore a full range of reporting options

Important Tips

Enable Self-service password reset for critical users while limiting it for others to avoid unnecessary password resets and the use of weak passwords.

Distribute Temporary Access Passes to users facing potential threats and enable them to log into their Microsoft 365 accounts securely without a password.

Use the leaked credential detection report in Microsoft Entra to identify compromised user accounts and take immediate action to secure them.

Common Errors and Resolution Steps

Below are some potential errors and troubleshooting tips you might encounter when dealing with forced password changes in Microsoft 365.

Error Cannot Process argument transformation on parameter EndDate . Cannot convert value to type. Microsoft.Exchange.ExchangeSystem.ExDateTime. “String 24/9/2024” was not recognized as a valid Datetime.

This error occurs when the date is entered in an incorrect format, which results in PowerShell being unable to convert the string '24/9/2024' into a valid DateTime object.

Fix Always use a consistent and recognizable date format, following a standard case like MM/DD/YYYY, to ensure proper interpretation by PowerShell.

Error Get-MgUser : Authentication needed. Please call Connect-MgGraph.

The error occurs when you try to use the 'Get-MgUser' cmdlet without authenticating and providing the required scope.

Fix Authenticate with the required scope by running the 'Connect-MgGraph' cmdlet.
Connect-MgGraph -Scopes 'Domain.Read.All', 'User.ReadWrite.All'

Error You cannot access controls on this page. If you should have permissions to view and use this page, contact your administrator.

This error occurs when users with insufficient permissions try to access audit logs in the Microsoft Purview portal.

Fix To resolve the issue, ensure that the user account has the necessary permissions to access the page.

Frequently Asked Questions

Secure User Access with Enforced Password Resets in Microsoft 365!

How to force a password reset in Microsoft 365?

How to force a password reset in Microsoft 365? +

If there's evidence of unusual activity on a user account, enforcing a password change is crucial to secure the account and prevent further compromise in Microsoft 365. While this can be done through the Microsoft 365 admin center, you'll need to reset the user's password and then share it securely with them.

However, by using PowerShell you can force users to change their password without resetting the existing password.

Force Password Change for a Microsoft 365 User

Connect to the Microsoft Graph PowerShell module using the below cmdlet.

Connect-MgGraph -Scopes "User.ReadWrite.All"

Execute the following cmdlet to force password update for the particular user.

$PasswordProfile=@{ForceChangePasswordNextSignIn=$true}  
Update-MgUser -UserId <UPN> -PasswordProfile  <$PasswordProfile>

-Replace your desired password profile in the <$PasswordProfile> and replace <UPN> with the "user principal name" of the intended user.

Force Password for All Microsoft 365 Users

Run the following PowerShell script to enforce a password reset for all Microsoft 365 users after connecting to the MS Graph PowerShell module.

$AllUsers = Get-MgUser -All 
# Create the password profile to force password change 
$PasswordProfile = @{ ForceChangePasswordNextSignIn = $true} 
# Loop through each user and update their password profile 
foreach ($user in $AllUsers) { 
 $UPN = $user.UserPrincipalName
Update-MgUser -UserId $UPN -PasswordProfile <$PasswordProfile>}

After forcing password changes, it's essential to check whether the changes were successfully implemented. However, there are no status details available for this in Microsoft 365.

You can capture all forced password changes in M365 with AdminDroid, which ensures comprehensive tracking and management!

By using AdminDroid's Force Change User Password report, you can easily audit when an admin enables the option to force users to change their passwords and identify which users were affected. You can also check the success of the forced password change based on the result status.

  • You can easily mail this report to the respective admins, providing insights into the forced password changes.
  • This functionality ensures admins are informed about affected users and the success of the changes, leading to to effective security management.
forced-reset-admindroid-report

Handy tip: Use the Schedule (⏰) option to receive automated insights on forced password changes on a daily, weekly, or monthly basis.

How to verify the user changed password after the forced password change in Microsoft 365?

How to verify the user changed password after the forced password change in Microsoft 365? +

Even after enforcing a forced password change, users might not exit their current session due to cached tokens and may fail to update their password. Therefore, it’s essential to verify whether the user has successfully changed their password.

This verification ensures the new password is set correctly, to ensure account security and prevent unauthorized access due to incomplete changes.

For verification: we need the forced password change time and the last password change date and time. However, we cannot directly obtain this information using Microsoft 365's native tools.

By using the 'All Password Changes' report from AdminDroid, you can easily verify the forced password change time and the last password change times in just a few clicks.

  • Set the filter Operation equals to Set property that forces user to change password.
  • Add the Password Last Changed column and verify this with the Event Time. If the user has not changed their password, you can prompt them to do so in a timely manner.
all-password-change-admindroid-report

How to check Password change history in Microsoft 365?

How to check Password change history in Microsoft 365? +

In Microsoft 365, users can change their passwords through Self-service password resets or manual password changes, aside from forced password changes initiated by admins.

Since Microsoft 365 doesn’t offer password change alerts, the only way to detect unusual password reset activity is by regularly auditing the logs.

Auditing password changes helps identify security risks and highlights users who frequently reset their passwords and password-changing patterns.

Struggling to track password changes? Check out our guide on auditing password changes in Microsoft 365 and discover best practices for strong passwords.

Here's a quick glimpse!

  • Microsoft Purview compliance portal: You’ll find a clear method to locate and filter all password changes using Microsoft Purview.
  • PowerShell script: This section explains how to use the Search-UnifiedAuditLog PowerShell cmdlet to retrieve all password changes, including resets and Self-service password reset (SSPR), for all M365 users.
  • AdminDroid Azure AD reporter: AdminDroid provides a comprehensive overview of the password change history in M365, featuring dedicated reports for users who have never changed their passwords, recently changed passwords, last password change date, password expiration date, and various other password metrics. The graphical representation offers clear insights, which simplifies the management and understanding of password statuses.

Why is auditing forced password changes important in Microsoft 365?

Why is auditing forced password changes important in Microsoft 365? +

Auditing forced password changes in Microsoft 365 plays a crucial role for the following reasons.

  • Accountability Auditing provides a clear record of actions, showing exactly who enforced key forced password changes in Microsoft 365 and for which users.
  • Ensuring Successful Password Changes When enforcing password changes for M365 users during a security breach, auditing is essential to confirm that the reset process is successful for all intended users. This verification ensures that all users comply with the change, to reduce the risk of vulnerabilities.
  • Identifying Potential Risks By examining audit logs, admins can identify users with the most password resets in M365 and address any underlying issues with those individual users.
  • Incident Investigation In case of a security incident, having a detailed audit of forced password changes enables a more thorough investigation by providing insights into which accounts were affected and when.
  • Compliance Requirements Many industries have regulations that require organizations to maintain an audit trail of forced password changes, especially resets. Auditing ensures that companies meet compliance standards like GDPR, HIPAA, etc.
+

Kickstart Your Journey With
AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities

Download Now
User Help Manuals Compliance Docs
x
Delivering Reports on Time
Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid's Scheduling to your email anytime you need.
Delivering Reports on Time
Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add inteligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.
Set It, Schedule It, See Results- Your Reports, Your Way, On Your Time!
Time Saving
Automation
Customization
Intelligent Filtering
Give Just the Right Access to the Right People
Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.
Give Just the Right Access to the Right People
Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.
Align, Define, Simplify: AdminDroid's Granular Delegation
Smart Organizational Control
Effortless M365 Management
Simplified Access
Advanced Alerts at a Glance
Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.
Advanced Alerts at a Glance
Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.
AdminDroid Keeps You Always Vigilant, Never Vulnerable!
Proactive Protection
Real-time Monitoring
Security Intelligence
Threat Detection
Merge the Required Data to One Place
Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.
Merge the Required Data to One Place
This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.
Merge with Ease and Save as Views!
Custom Reporting
Unique View
Desired Columns
Easy Data Interpretation
Insightful Charts and Exclusive Dashboards
Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.
Insightful Charts and Exclusive Dashboards
With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.
Explore Your Microsoft 365 Tenant in a Whole New Way!
Executive overviews
Interactive insights
Decision-making
Data Visualization
Efficient Report Exporting for Microsoft 365
Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.
Efficient Report Exporting for Microsoft 365
Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.
Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!
Easy Export
Seamless Downloading
Data Control
Manage Microsoft 365

Get AdminDroid Office 365 Reporter Now!