Microsoft Graph Office 365 PowerShell 

Office 365: Get the Last Password Change Date using PowerShell

Salaudeen Rajack 0 Comments , , , , ,

Requirement: Check the last password change date in Office 365.

How to check the last password change in Office 365?

One of the key components of security is managing passwords. Password management is a critical aspect of maintaining security in the digital realm. For Microsoft 365 users, knowing when your password expires is essential to avoid being locked out of your account. In this comprehensive guide, we will discuss various methods for checking the last password change date in Office 365 and checking when the password expires for users. By following our step-by-step instructions, you will be well-equipped to monitor your password expiration dates and maintain seamless access to your account.

Why it’s important to check the last password change date in Office 365

Passwords are the first line of defense against unauthorized access to your Office 365 account. Your data is at risk if your password falls into the wrong hands. It’s essential to regularly change your password, and ensure that your employees do the same. Checking the last password change date in Office 365 can help you identify potential security risks, such as employees who have not changed their password in a long time.

Additionally, knowing when your password was last changed can help you troubleshoot issues with your account. For example, if you are having trouble logging in, knowing when your password was last changed can help you determine if the issue is related to your password.

Methods for checking the last password change date in Office 365

There are two primary methods for checking the last password change date in Office 365: Microsoft Graph PowerShell and the Microsoft Online Services PowerShell Module (Azure AD PowerShell Module V1). Both methods are relatively easy to use, and can provide valuable information about the security of your account.

To get the last password change date for a particular user, use this Microsoft Graph PowerShell script:

#Connect to Microsoft Graph
Connect-MgGraph -Scopes "User.Read.All"

#Get the User
$User = Get-MgUser -UserId "salaudeen@Crescent.com" -Property UserPrincipalName, PasswordPolicies, lastPasswordChangeDateTime

#Get the user's last password change date and time
$User | Select UserPrincipalName, PasswordPolicies, lastPasswordChangeDateTime

Similarly, to get the last password change date timestamp of all users, use the following PowerShell script:

#Connect to Microsoft Graph
Connect-MgGraph -Scopes "User.Read.All"

#Retrieve the password change date timestamp of all users
Get-MgUser -All -Property UserPrincipalName, PasswordPolicies, lastPasswordChangeDateTime `
     | Select -Property UserPrincipalName, PasswordPolicies, lastPasswordChangeDateTime

This information can be very helpful for administrators who need to monitor user accounts and ensure their passwords are secure. To export the last password change date for all users to a CSV file, here is the PowerShell script:

#Connect to Microsoft Graph
Connect-MgGraph -Scopes "User.Read.All"

#Set the properties to retrieve
$Properties = @(
    "id",
    "DisplayName",
    "userprincipalname",
    "PasswordPolicies",
    "lastPasswordChangeDateTime",
    "mail",
    "jobtitle",
    "department"
    )

#Retrieve the password change date timestamp of all users
$AllUsers = Get-MgUser -All -Property $Properties | Select -Property $Properties

#Export to CSV
$AllUsers | Export-Csv -Path "C:\Temp\PasswordChangeTimeStamp.csv" -NoTypeInformation
powershell get last password change date office 365

The Azure AD PowerShell module (AzureAD) doesn’t offer to retrieve the “Last password changed” property.

Using MSOL PowerShell Module to get the last password change date in Office 365

PowerShell is a powerful command-line tool that can be used to manage almost every aspect of Office 365. To use PowerShell to get the last password change date in Office 365, you must install the Microsoft Online Services (MSOL) Module for Windows PowerShell.

Step-by-step guide for using PowerShell to get the last password change date in Office 365

  1. Install the Microsoft Online Services PowerShell Module for Windows PowerShell: Install-Module MSOnline
  2. Open PowerShell and connect to your Office 365 account by running the following command: Connect-MsolService
  3. Enter your Office 365 credentials when prompted.
  4. Use the following command to get the last password change date for a specific user: (Get-MsolUser -UserPrincipalName user@domain.com).LastPasswordChangeTimestamp. Replace “user@domain.com” with the user’s email address you want to check.
  5. The last password change date will be returned in UTC format.
#Connect to Microsoft Online Service
Connect-MsolService

#Get the User
$user=Get-MsolUser -UserPrincipalName "salaudeen@Crescent.com"

#Get the last password change date
$user.LastPasswordChangeTimestamp

How to check when the Office 365 password expires?

Monitoring your password expiration date enables you to avoid disruptions like account lock-out and maintain consistent access to your Microsoft 365 applications! Here are the PowerShell scripts to calculate the password expiring date for a user account:

#Connect to Microsoft Graph
Connect-MgGraph -Scopes "User.Read.All"

#Get the User
$User = Get-MgUser -UserId "Salaudeen@crescent.com" -Property UserPrincipalName, lastPasswordChangeDateTime

#Get the user's password expiring date
$User.lastPasswordChangeDateTime.AddDays(90)

Similarly, with MSOL module, you can obtain the password expiring date as:

#Connect to Microsoft Online Service
Connect-MsolService

#Get the User
$user = Get-MsolUser -UserPrincipalName "salaudeen@crescent.com"

#Get the password Expiring date
$user.LastPasswordChangeTimestamp.AddDays(90)

This script calculates the password expiration date based on the user’s last password change and the default 90-day password expiration policy. How about finding the password expiry date for all users in your Office 365 tenant?

#Connect to Microsoft Graph
Connect-MgGraph -Scopes "User.Read.All"

#Set the properties to retrieve
$Properties = @(
    "id",
    "DisplayName",
    "userprincipalname",
    "PasswordPolicies",
    "lastPasswordChangeDateTime",
    "AccountEnabled",
    "userType"
    )

#Retrieve All users from Microsoft 365 and Filter
$AllUsers = Get-MgUser -All -Property $Properties | Select -Property $Properties | `
    Where {$_.AccountEnabled -eq $true -and $_.PasswordPolicies -notcontains "DisablePasswordExpiration" -and $_.userType -ne "Guest"} 

#Filter and Export data to CSV
$FilteredUsers = $AllUsers | Select Id, DisplayName, UserPrincipalName, @{Name="ExpiryDate";Expression={$_.lastPasswordChangeDateTime.AddDays(90)}} 
$FilteredUsers
$FilteredUsers | Export-Csv -Path "C:\Temp\PasswordExpiryDate.csv" -NoTypeInformation

Write-host "Password Expiry Date for all users is exported!" -f Green

How to check when Office 365 password expires?

To obtain the password expiry date for a particular user account, use this PowerShell script:

#Parameter
$UserAccount = "Salaudeen@Crescent.com"

#Connect to Office 365 from PowerShell
Connect-MsolService

#Get the Default Domain
$Domain = Get-MsolDomain | where {$_.IsDefault -eq $true}

#Get the Password Policy 
$PasswordPolicy = Get-MsolPasswordPolicy -DomainName $Domain.Name

#Get the User account
$UserAccount = Get-MsolUser -UserPrincipalName $UserAccount
 
#Get Password Expiry date 
$PasswordExpirationDate = $UserAccount.LastPasswordChangeTimestamp.AddDays($PasswordPolicy.ValidityPeriod)
$PasswordExpirationDate 

#Get the Password Expiring date
$UserAccount | Select LastPasswordChangeTimestamp, @{Name="Password Age";Expression={((Get-Date).ToUniversalTime())-$_.LastPasswordChangeTimeStamp}}

To get the password expiration date for all users using the MSOL module, use this script:

#Connect to Microsoft Online Service
Connect-MsolService

#Get all Users
$AllUsers = Get-MsolUser -All | Select ObjectId, DisplayName,UserPrincipalName, BlockCredential, UserType, @{Name="ExpiryDate";Expression={$_.LastPasswordChangeTimeStamp.AddDays(90)}} 

#Filter users
$FilteredUsers = $AllUsers | Where {$_.PasswordNeverExpires -ne $true -and $_.UserType -ne "Guest" -and $_.BlockCredential -ne $true } | Select DisplayName,UserPrincipalName, ExpiryDate

$FilteredUsers
#Get the password Expiring date
$FilteredUsers | Export-Csv -Path "C:\Temp\PasswordExpiryDates.csv" -NoTypeInformation

Conclusion and key takeaways

In conclusion, checking your password expiration date is an easy process that can save you time and frustration in the future. With the methods outlined in this article, you can easily check your users’ last password change date, and take steps to improve your password security. Remember to require strong passwords, enforce password expiration, and educate your employees on the importance of password security. By following the steps outlined above, you can easily check the expiration date of your password and keep the user accounts secure.

Salaudeen Rajack

Salaudeen Rajack - SharePoint Expert with Two decades of SharePoint Experience. Love to Share my knowledge and experience with the SharePoint community, through real-time articles!

Leave a Reply

Your email address will not be published. Required fields are marked *