- Free Edition
- Quick Links
- Highlights
- Exchange Online
- Exchange Online Management
- Exchange Online Reports
- Exchange Online Auditing
- Exchange Online Monitoring
- Shared Mailbox Management
- Mailbox Usage Reports
- Exchange Online Mailbox Auditing
- Shared Mailbox Reports
- Exchange Online Delegation
- Mailbox Size Reports
- Mail Traffic Reports
- Non-owner Mailbox Access Report
- Public Folder Reports
- OWA Reports
- Mailbox Content Reports
- Entra ID
- Entra ID Management
- Entra ID Reports
- Entra ID Monitoring
- Entra ID Auditing
- User Management
- Contact Reports
- Security Group Reports
- License Reports
- Entra ID Delegation
- Microsoft 365 User Provisioning
- User Reports
- Distribution Group Reports
- Group Reports
- Inactive Exchange Users
- Entra ID User Auditing
- Entra ID Group Auditing
- Entra ID Logon Auditing
- Microsoft Teams
- OneDrive for Business
- SharePoint Online
- Security and compliance
- Other Features
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Hybrid AD, cloud, and file auditing and security
- ADSelfService Plus Identity security with MFA, SSO, and SSPR
- Exchange Reporter Plus Exchange Server Auditing & Reporting
- M365 Security Plus Microsoft 365 Auditing and Alerting
- EventLog Analyzer Real-time Log Analysis & Reporting
- SharePoint Manager Plus SharePoint Reporting and Auditing
- DataSecurity Plus File server auditing & data discovery
- RecoveryManager Plus Enterprise backup and recovery tool
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools
What is the Password Changed Users report in M365 Manager Plus?
The Password Changed Users report, one of M365 Manager Plus' Microsoft Entra ID reports, gives details about Microsoft 365 user accounts whose passwords were changed within a selected period. It primarily includes identifying attributes such as the user's display name and User Principal Name, when their password was last changed, how many days have elapsed since that change, and more.
Why you need a Microsoft 365 password changed users report
Passwords are the first line of defense in any identity security model, yet they are also the attribute most often overlooked after initial provisioning. According to Verizon's 2024 Data Breach Investigations Report, over 70% of breaches involve compromised credentials, making password monitoring a critical security control. When administrators lack a clear, centralized view of recent password change activity, stale credentials are at risk of being exploited. A password changed users report closes that gap, giving security teams the visibility to act before a dormant credential becomes a live threat.
- Identify accounts with stale credentials: Pinpoint user accounts that have not had a password change in an abnormally long period, allowing you to enforce rotation policies before those accounts become a liability.
- Detect suspicious after-hours password changes: Filter password change events by non-business hours to surface resets that fall outside of normal operational windows to prevent account takeovers or privilege abuse.
- Support compliance reviews and regulatory audits: Produce a dated, exportable record of all password change activity to demonstrate adherence to compliance standards. PCI D SS, NIST, ISO 27001, and SOC 2.
What does the Password Changed Users report show?
Using M365 Manager Plus, you can generate the Password Changed Users report with the following fields.
- Microsoft 365 Tenant: Select the specific tenant where you want to track password change activity.
- Virtual Tenants: If you have created virtual tenants to manage specific subsets of your organization, you can filter the report to show only users in that virtual tenant.
- Filter By: Choose to view users from specific domains or belonging to particular groups.
- Business Hours: Toggle between All Hours, Business Hours, or Non-Business Hours to isolate password changes made outside standard shifts and identify anomalous activity before it becomes a threat.
- Period: Set a custom date range (e.g., the last seven days or a specific date and time), showing only users whose passwords were changed within the selected window.
The Password Changed Users report displays the following details for every user.
| Attribute | Description |
|---|---|
| Display Name | The full name of the user as it appears in the Microsoft 365 tenant |
| User Principal Name | The unique login identifier for the user (e.g., user@domain.com), used for authentication |
| Days Since Last Password Change | The total number of days elapsed since the user last changed or had their password reset |
| Password Never Expires | A true or false indicator showing whether the user's account is exempt from password expiration policies |
| Last Password Change Date | The exact date and timestamp when the user's password was last changed or reset in the Microsoft 365 tenant |
Here are some more Entra user attributes that the Password Changed Users report lists.
| Alternate Email Address | First Name | Company | Street Address | Object ID | License Name |
| Last Name | Mobile Phone | Department | City | GUID | License Details |
| Initials | Business Phone | Title | State | Immutable Id | Services |
| Employee ID | Home Phone | Office | Postal Code | Blocked Credential | DirSync Provisioning Error |
| Employee Hire Date | Other Home Phone | Manager | Country / Region | Strong Password Required | Last Directory Sync Time |
| Employee Type | Other Telephone | Direct Reports | Usage Location | User Account Property | Recipient Type |
| Fax | Recipient Type Details | ||||
| Previous Recipient Type |
Native Microsoft 365 admin portals and PowerShell vs. M365 Manager Plus
Tracking Microsoft 365 password changes is possible with the native admin center portal and Microsoft Graph PowerShell. However, these methods are not ideal for regular audits or large-scale reporting.
The Entra admin center's All Users report displays the date and time of a user's last password change. However, you must add this column each time you open a new session. Administrators can use Microsoft Graph PowerShell to retrieve the LastPasswordChangeDateTime attribute using the Get-MgUser cmdlet.
While the Entra admin center and Graph PowerShell provide deep filtering and automation potential, it demands scripting expertise and manual scheduling, and any distribution of results requires additional steps to convert and format the data into a form that non-technical stakeholders can consume.
M365 Manager Plus' Password Changed Users report gets the precision of Graph PowerShell combined with the convenience of an admin center through purpose-built reporting, one-click exports, and built-in scheduling, all without writing a single line of script.
| Capability | Microsoft 365 limitations | PowerShell limitations | The M365 Manager Plus advantage |
|---|---|---|---|
| Report accessibility | 
Audit logs contain a multitude of events that you must filter every time. |
Manual filtering is required before you generate the report. |
Leverage individual, user-friendly reports segregated and categorized for one-click access. |
| Custom reports | |
|
Created by saving granular attribute-based conditional filters once per custom report. |
| Report exports | CSV or JSON formats Bulk exports require multiple stages of confirmation. | CSV or JSON formats Requires additional modules to export as PDF or XLSX. | Export to CSV, HTML, PDF, or XLSX in a single click. |
| Email reports to admins | |
|
Send right from the dashboard or report page in any supported formats without jumping between applications. |
| Automated report generation |
Requires complex add-ons like Power Automate. |
Requires complex Task Scheduler configurations. |
Schedule to any period and frequency you like, with predefined filters and export formats. |
For a more detailed comparison, check out this page on how to check the last password change date of Microsoft 365 users.
Features that enhance the Password Changed Users Report
M365 Manager Plus provides several built-in tools to help you manage, automate, and secure the data found in the Password Changed Users report:
- Export reports: You can download the report in multiple formats, including CSV, PDF, HTML, or XLSX, for sharing data with department heads, or maintaining offline records for compliance.
- Automated report generation: Set the Password Changed Users report to be generated at specific intervals—daily, weekly, or monthly—to run password audits regularly.
- Reset passwords: If the report surfaces accounts with stale credentials or suspicious password change patterns, you can initiate a password reset for the selected users with random passwords and prompt them to change it in the next login, directly from the reporting interface instead of resetting their passwords one user at a time .
- Microsoft 365 joiner and leaver automations: You can link the data from the Password Changed Users report into automated Microsoft 365 workflows in M365 Manager Plus. For example, an automation policy to disable users who have not reset their passwords within a defined period (e.g., two years).
- Microsoft 365 alerts for anomalous password reset activity: Configure real-time alerts to notify your security team if the number of password changes exceeds a specific period or specific threshold within a short window. For example, password resets post 11pm or 20 resets in two minutes, which can indicate a planned account takeover.
Reports that complement the Password Changed Users report
To strengthen your Microsoft 365 password changed users report insights, use these complementary reports:
- Users with Password Never Expires: Identifies all accounts configured to bypass password expiration policies. This report gives you a complete picture of user accounts that are permanently excluded from expiring passwords.
- MFA registration details report: Passwords are not the only security measure for your user accounts. Ensure that your users enroll for MFA and self-service password reset with phishing-resistant MFA methods such as FIDO2 passkeys to prevent unauthorized changes and thereby account takeovers.
- Microsoft 365 user login reports: Audit sign-in attempts and patterns to verify that recently changed passwords have been successfully adopted by the rightful user—and that no anomalous logins preceded or followed the change event.
Other features of M365 Manager Plus
Microsoft Entra ID management: Create, modify, and delete users, groups, and licenses in bulk without Graph PowerShell and simplify your Microsoft 365 identity management.
Microsoft 365 reporting: Leverage more than 700 prebuilt and custom reports across major Microsoft 365 services, such as Exchange Online, SharePoint Online, Teams, and OneDrive for Business, all from one dashboard.
Microsoft 365 management: Manage users, groups, mailboxes, Teams, SharePoint permissions, and license assignments across workloads without switching portals.
Microsoft 365 automation: Automate onboarding, offboarding, license provisioning, and group updates with no-code workflows and not add-on subscriptions.
Microsoft 365 auditing: Maintain a complete, searchable audit trail of every change across your Microsoft 365 environment.
Microsoft 365 alerting: Get real-time alerts on suspicious sign-ins, admin role changes, license breaches, and policy violations.
Microsoft 365 admin delegation: Give help desk staff scoped access to specific tasks such as password resets, group changes, mailbox management, without full admin rights or visibility over the users they don't manage.