Export M365 Users Last Password Change Date and Time

Photo of author
Jatin Makhija
0

In this blog post, I will demonstrate how to view and export M365 users last password change date and time information. I will utilize Microsoft Entra admin center to view this information and to export it to a CSV file, I will be using Microsoft Graph PowerShell module.

Is Last Password Change Date and Time Information useful ?

Last password change date and time information is valuable for several reasons, especially in maintaining security and auditing user activity. Here’s how it can help:

  • Security breach analysis: Helps determine if a user has changed their password following a suspicious event or breach.
  • Detecting unauthorized activity: Identifies whether a password change might have been triggered by a malicious actor (by knowing if a user has recently triggered a manual password change).
  • Policy enforcement: Assists in checking whether users are complying with password change policies.
  • Activity monitoring: Useful for assessing if the password was changed recently or a long time ago, which can help identify stale or inactive accounts.

View Last Password Change Information on Entra admin center

Let’s check the steps to view last password change information for Microsoft 365 users. For this, we will be using Entra admin center:

  • Sign in to the Entra admin center.
  • Navigate to Entra ID > Users > All Users.
  • From the top menu, Click on Manage view > Edit columns.
View Last Password Change Information from Entra ID
  • Click on Add Column > Use the drop-down to select Last password change date time and click on Save.
Select Last password change date time Parameter
  • As shown in the below screenshot, last password change date and time information is displayed on the screen.
Last password change date time column shows the date and time Info for Entra/M365users

Export Last Password Change Information Using PowerShell

Now that we know how to view the last password change date and time information of Microsoft 365/Entra ID users from the Entra admin center, you may also want to export this information to a CSV file. To export this data, we will use the Microsoft Graph PowerShell module. Let’s go through the steps:

  • Launch Windows PowerShell console and execute below commands.

Install Microsoft Graph PowerShell module

Install-Module -Name Microsoft.Graph -AllowClobber -Scope CurrentUser -Force

Import Microsoft Graph PowerShell module

Import-Module -Name Microsoft.Graph

Connect with MS Graph using required permissions

Connect-MgGraph -Scopes "User.Read.All"

View M365/Entra ID users last password change date and time Info

Get-MgUser -All -Property DisplayName, UserPrincipalName, LastPasswordChangeDateTime | Select-Object -Property DisplayName, UserPrincipalName, LastPasswordChangeDateTime
View M365/Entra ID users last password change date and time Info

Export M365/Entra ID users last password date and time Info to CSV

Get-MgUser -All -Property DisplayName, UserPrincipalName, LastPasswordChangeDateTime | Select-Object -Property DisplayName, UserPrincipalName, LastPasswordChangeDateTime | Export-Csv C:\temp\LastPasswordChangeInfo.csv
Export M365/Entra ID users last password date and time Info to CSV

Below is the CSV file exported with the DisplayName, UserPrincipalName and LastPasswordChangeDateTime Information. You can also export more Entra ID user properties by updating the command as shown in the following section.

Export M365/Entra ID users last password date and time Info to CSV

As an example, I will export users account enabled status along with last password change date and time information using below command.

Get last password change information including account enabled status to CSV

Get-MgUser -All -Property DisplayName, UserPrincipalName, LastPasswordChangeDateTime, accountEnabled | Select-Object -Property DisplayName, UserPrincipalName, LastPasswordChangeDateTime, AccountEnabled | Export-Csv C:\temp\LastPasswordChangeInfo2.csv
Get last password change information including account enabled status to CSV

Function capacity 4096 has been exceeded for this scope

When you try to import Microsoft Graph PowerShell module, you might encounter the following error message. The import process will fail, and any attempt to run Microsoft Graph PowerShell commands at this stage will also fail.

This issue typically occurs due to a limitation in the PowerShell session. To resolve it, you need to increase the $MaximumFunctionCount value to 32768, and then try importing the module again.

Error

Import-Module : Function Get-MgDirectoryRoleMemberAsApplication cannot be created because function
capacity 4096 has been exceeded for this scope.
Function Get-MgDirectoryRoleMemberAsApplication cannot be created because function capacity 4096 has been exceeded for this scope.

Open PowerShell console as an administrator and execute below commands to Import Microsoft Graph PowerShell module.

Install-Module -Name Microsoft.Graph -AllowClobber -Scope CurrentUser -Force
Update-Module -Name Microsoft.Graph
$maximumfunctioncount = '32768'
Import-Module -Name Microsoft.Graph
Function capacity 4096 has been exceeded for this scope

Leave a Comment

Step-by-Step guides for Setup/Troubleshooting/Configuration solutions on Intune, Microsoft 365, Powershell, Windows, Azure, and other Cloud technologies.

About the author
Contact Us
Privacy Policies
Comment Policies
Cookie Policies

Let's Connect!