How to get the last password change date of Microsoft 365 users
Last updated on:In this page
- How to check the last password change date using the Microsoft Entra admin center
- How to get the last password change date using PowerShell
- How to view last password change dates in M365 Manager Plus
- Streamline Microsoft Entra ID user governance and group management
- Important tips
- Frequently asked questions
Tracking password set dates is a basic but critical administrative task. Administrators need visibility into when user passwords were last changed to meet compliance requirements, follow security recommendations, and investigate suspicious password changes. In large environments, manually checking this information across accounts is inefficient and unreliable. Without a clear way to list password change dates, abnormal or non-compliant activity can easily be missed.
This article will show you how to get a Microsoft 365 password change report with native tools, including the Microsoft Entra admin center and Microsoft Graph PowerShell, and with ManageEngine M365 Manager Plus, a dedicated Microsoft 365 administration tool.
- Entra admin center
- Graph PowerShell
- M365 Manager Plus
Method 1: How to check the last password change date using the Microsoft Entra admin center
Prerequisites
An Entra ID user account that has at least the Reports Reader, Password Administrator, or Helpdesk Administrator role assigned to it.
Steps
- Log in to the Microsoft Entra admin center and navigate to Users > All users.
- Click Manage view and select Edit columns.
- Click Add columns, search for Last password change date time and select it.
- Click Save to update the view.
- Select the check box next to the users you want to generate the report for and click
Download Users to export the list of Microsoft 365 users with their last
password change date.
Method 2: How to get the last password change date using PowerShell
Prerequisites
- The Reports Reader, Password Administrator, or Helpdesk Administrator role must be applied to the account you use to sign in to Microsoft Graph PowerShell.
- You must be connected to the Microsoft Graph PowerShell module.
- To check if the Microsoft Graph PowerShell module is installed, use this script:
Get-Module Microsoft.Graph -ListAvailable
If it does not return a value, you will have to install the module.
- To install the Microsoft Graph PowerShell module, execute this script:
Install-Module Microsoft.Graph -Scope CurrentUser
- To connect to Microsoft Graph, run this script:
Connect-MgGraph -Scopes "User.Read.All"
- To check if the Microsoft Graph PowerShell module is installed, use this script:
Using Get-MgUser to get the last password change date using Microsoft Graph PowerShell
The Get-MgUser cmdlet can be used to retrieve the LastPasswordChangeDateTime attribute, which shows the most recent password change performed by the user.
Use the following Microsoft Graph PowerShell snippet with the Get-MgUser cmdlet to find the last password change of your Microsoft 365 users.
Get-MgUser -All -Property "DisplayName","UserPrincipalName","LastPasswordChangeDateTime" |
Select-Object DisplayName, UserPrincipalName, LastPasswordChangeDateTime | Export-Csv -Path
"C:\Reports\PasswordChangeDate-$(Get-Date -Format yyyyMMdd).csv" -NoTypeInformation -Encoding
UTF8
Supported parameters
The following table contains parameters used with the Get-MgUser cmdlet to retrieve the last password change of your Microsoft 365 users.
| Parameter | Description |
|---|---|
| DisplayName | The friendly name of the user. |
| UserPrincipalName | The primary login email address of the user. |
| LastPasswordChangeDateTime | The time the user last performed a Microsoft 365 change password action. |
Method 3: How to view last password change dates in M365 Manager Plus
- Log in to M365 Manager Plus, navigate to the Reports tab > Azure Active Directory > User Reports and click the Password Changed Users report.
- Click Add/Remove Columns, select Last Password Changed
from Available Columns, click the >> icon >
Save. You can also move the Last Password Changed column
by clicking Up until it reaches the position you want.
- You can now view a list of all Microsoft 365 users who changed their passwords with their
last password change date.
Streamline Microsoft Entra ID user governance and group management
M365 Manager Plus provides a unified command center for managing the entire life cycle of your Microsoft Entra ID users and groups. Gain instant visibility into group memberships, ownership gaps, and orphaned objects, plus view, manage, and track identity objects across your Microsoft 365 tenant from a single console—all without switching between multiple admin portals.
Review and manage Microsoft Entra ID users and groups
Easily identify users without managers, groups without owners, inactive accounts, and stale memberships. Assign or update group owners, modify user properties, set up MFA for your Microsoft 365 users and clean up unused or risky identities directly from the same interface to maintain accountability and ownership across your directory.
Built-in reports for Microsoft Entra ID users and groups
Access ready-made reports covering user status, sign-in activity, password and MFA changes, license assignments, group memberships, orphaned groups, and privileged accounts. These reports help you quickly spot inactive users, over-licensed accounts, and groups that lack proper ownership, without manual data collection.
Audit Entra user and group changes
Track changes made to users and groups, including membership updates, role assignments, license changes, and account status modifications. Audit trails provide clear visibility into who changed what and when, helping you meet security and compliance requirements.
Real-time alerts for critical Microsoft Entra ID events
Configure instant alerts for events such as new admin role assignments, untimely sign-ins, group owner changes, user creation or deletion, and license updates. Stay informed the moment high-impact identity changes occur instead of discovering them during audits.
Automate routine user and group management tasks
Automate common identity operations such as assigning licenses, updating group memberships, disabling inactive users, or enforcing ownership rules using policy-based automation. Reduce manual effort while keeping your Microsoft Entra ID environment clean and controlled.
Act without PowerShell
Perform reporting, audits, bulk updates, and corrective actions through a GUI-driven interface, without relying on Microsoft Graph PowerShell scripts. This reduces operational complexity, minimizes errors, and speeds up Microsoft Entra ID administration with just a few clicks.
Important tips
Regularly review password change reports: Identify stale or inactive accounts and enforce password resets where necessary.
Adopt password expiration policies: Set strict password expiration policies to reduce exploits from leaked credentials.
Encourage MFA adoption: Even with strong password policies, MFA remains a secure authentication method. Ensure your users rely on MFA for sign-ins and only use passwords as a backup to reset their MFA methods.
Configure password expiry notifications: Configure password expiry notifications in Microsoft 365 to notify users before their passwords expire to prevent account lockouts.
Frequently asked questions
It is recommended to run password change audits at least once a month, or more frequently in security-sensitive environments. You can set up M365 Manager Plus to email Microsoft 365 password change reports on the first day of every month to ensure your organization's password hygiene requirements are being met.
You can view these changes in the Microsoft Entra audit logs by filtering by Reset user password activity. In M365 Manager Plus, you can use the Password Changed Users report and add columns to differentiate between user-initiated and admin-initiated resets.
Yes, you can configure password expiry notifications via the Microsoft 365 admin center under Security & Privacy. For more granular control, M365 Manager Plus allows you to send automated, customizable email alerts to users a specific number of days before their password expires, helping to reduce help desk calls.