Get Information Last Password Change for an Entra ID User using Microsoft Graph API

This post will discuss the Last Password Change for an Entra ID User. Obtaining the prior password change date and time is a frequently asked question from end users. Using the Microsoft Graph API, we will see how to get the last password change information for an Entra ID User.

Corporations should have a password policy that requires you to rotate the user’s password within a given time frame. This policy has to be followed for all user accounts, irrespective of whether they are Entra ID users or on-premises users.

In real-life scenarios, users may seek assistance from the helpdesk when logging into their user accounts. Before addressing the login issue, the helpdesk should ascertain the expiration status of the user account. It is advisable to initiate troubleshooting by obtaining information regarding the most recent password modification date and time and the particulars of any account lockout occurrences.

This article will help you retrieve an Entra ID user’s last password change date and time details using the Microsoft Graph API. This will be beneficial if you want to get the previous Password Change Information and save time in real life.

Index
What is Microsoft Entra ID?
Video- What is Microsoft Entra ID
Retrieve Last Password Change Information for an Entra ID user using Microsoft Graph API
PowerShell Script to Convert an ISO 8601 Timestamp
Get Information Last Password Change for an Entra ID User using Microsoft Graph API Table 1

What is Microsoft Entra ID?

Microsoft’s Entra ID signifies a pivotal advancement in cloud-based identity and access management solutions. In 2000, Microsoft unveiled Active Directory Domain Services as a mechanism for organizations to centrally manage diverse on-premises infrastructure components and systems through a unified user identity.

Get Information Last Password Change for an Entra ID User using Microsoft Graph API Fig. 1

Building upon this foundation, Microsoft’s Entra ID elevates this approach by furnishing organizations with an Identity as a Service (IDaaS) solution for all their applications across cloud and on-premises environments.

Microsoft Entra ID is a cloud-based identity and access management service that facilitates employees’ access to various resources. These include external resources such as Microsoft 365, the Azure portal, and various other SaaS applications, as well as internal resources encompassing corporate intranet apps and cloud apps custom-built for an organization’s specific needs.

The name change from Azure AD to Microsoft Entra ID and the licensing changes for the existing products are effective from October 1, 2023. The Microsoft Entra Innovations in the Microsoft Entra portfolio include Microsoft Entra ID Protection, Microsoft Entra ID Governance, and Microsoft Entra External ID.

Video- What is Microsoft Entra ID

If you want to know more about Entra ID or are interested in learning about it, we have a Video by Anoop C Nair on this subject. This video contains detailed information about Entra, which I think will be helpful to you.

Get Information Last Password Change for an Entra ID User using Microsoft Graph API Video 1

Retrieve Last Password Change for an Entra ID User using Graph API

Using Microsoft Graph API, let’s learn how to get the Last Password Change Information for an Entra ID user. I will use Graph Explorer, a handy browser-based tool for running your Graph calls.

The tool does not support batch commands and is limited to executing single-line commands. API calls are made through the Graph Explorer. Upon accessing the Graph Explorer, a webpage like the one below will be displayed.

NOTE! You may need to log in to Graph Explorer using your credentials if it's your first time. 

Microsoft Graph API is a REST (Representational State Transfer) API. It defines a set of methods, such as GET, PUT, POST, and DELETE, that clients and servers can use to access server data. They exchange data using HTTP. I will use the GET HTTP method to retrieve the information needed for this example. I will explain the different Microsoft Graph API endpoints for getting an Entra ID user’s Last Password Change Information.

HTTP Methods | Description
GET | The GET method simply retrieves data from the server.
POST | The POST HTTP request method sends data to the server for processing.
PUT | The PUT method completely replaces a resource identified with a given URL.
DELETE | The DELETE method removes or deletes a resource from a server.
Get Information Last Password Change for an Entra ID User using Microsoft Graph API Table 2
NOTE! The tenant must have an active Intune license to use the Microsoft Graph API for Intune. The Microsoft Graph API controls access to resources via permissions. You must specify the permissions you need to access Intune resources. 

Let’s start with the basics. The endpoint below will retrieve all the Entra ID users. Your request must use the GET HTTP method. Click on Run Query to execute the query.

https://graph.microsoft.com/v1.0/users
Get Information Last Password Change for an Entra ID User using Microsoft Graph API Fig. 2

The output contains a lot of information about Entra ID users. I will filter the output and search for my user ID. Even here, you must use the GET HTTP method. Click on Run Query to execute the query. Please remember to change the display name.

https://graph.microsoft.com/v1.0/users?$filter=displayName eq 'Sujin Nelladath'
Get Information Last Password Change for an Entra ID User using Microsoft Graph API Fig. 3

The output from the above URL doesn’t have the Last Password Change Information. You would need to do more querying to get the exact output.

The following endpoint retrieves the details of the last password change. It provides the date and time of the last password change, along with the display name and ID. Your request should utilize the GET HTTP method. Click Run Query to execute the request. Replace the display name with yours.

Get Information Last Password Change for an Entra ID User using Microsoft Graph API Fig. 4

The above output is good enough to understand when the last password reset happened. You can use the above endpoint directly to get the previous password reset of an Entra ID user. Please remember that the lastPasswordChangeDateTime property is in ISO 8601 time format.

PowerShell Script to Convert an ISO 8601 Timestamp

ISO 8601 time is not easy to understand if you are unfamiliar with the format. Hence, I developed a PowerShell script that will help you convert an ISO 8601 Timestamp to the yyyy/MM/dd hh:mm tt format. It would help if you run the script below with administrator privileges.

cls

# Define the input date and time string
$inputDateTime = Read-Host "Enter the time in ISO 8601 format"

# Parse the input date and time string in ISO 8601 format.
# InvariantCulture keeps the ":" separators independent of the machine's regional settings.
$dateTime = [DateTime]::ParseExact($inputDateTime, "yyyy-MM-ddTHH:mm:ssZ", [System.Globalization.CultureInfo]::InvariantCulture)

# Convert the DateTime object to the desired format
$outputDateTime = Get-Date $dateTime -Format "yyyy/MM/dd hh:mm tt"

# Output the result
$outputDateTime

The $inputDateTime variable should have the input and be in ISO 8601 time format. $outputDateTime has the output.

Get Information Last Password Change for an Entra ID User using Microsoft Graph API Fig. 5
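
The helpdesk check described earlier (is the password past its rotation window?), as an added example that is not part of the original post: it reads a constructed sample shaped like a Graph /users response that selects lastPasswordChangeDateTime and passwordPolicies, and reports each password's age and status. The 90-day window, the function names, the sample users and the $select query in the comment are assumptions; the script needs no elevated privileges and no network access.

```powershell
# Added example: constructed sample shaped like a Graph /users response queried with
# $select=displayName,id,lastPasswordChangeDateTime,passwordPolicies (assumed query).
$sampleJson = @'
{ "value": [
  { "displayName": "Test User A", "id": "00000000-0000-0000-0000-00000000000a",
    "lastPasswordChangeDateTime": "2024-01-10T08:15:42Z", "passwordPolicies": null },
  { "displayName": "Test User B", "id": "00000000-0000-0000-0000-00000000000b",
    "lastPasswordChangeDateTime": "2024-05-20T17:03:09Z", "passwordPolicies": "DisablePasswordExpiration" },
  { "displayName": "Test User C", "id": "00000000-0000-0000-0000-00000000000c",
    "lastPasswordChangeDateTime": null, "passwordPolicies": null }
] }
'@

function ConvertTo-UtcDateTime {
    param($Value)
    # PowerShell 7 ConvertFrom-Json may already yield [datetime]; Windows PowerShell 5.1 yields a string.
    if ($Value -is [datetime]) { return $Value.ToUniversalTime() }
    $inv = [System.Globalization.CultureInfo]::InvariantCulture
    return [DateTimeOffset]::Parse([string]$Value, $inv, [System.Globalization.DateTimeStyles]::AssumeUniversal).UtcDateTime
}

function Get-PasswordAgeReport {
    param([Parameter(Mandatory)][string]$GraphJson,
          [Parameter(Mandatory)][datetime]$AsOfUtc,
          [int]$MaxAgeDays = 90)   # hypothetical rotation window, set it to your policy
    foreach ($user in (ConvertFrom-Json $GraphJson).value) {
        $changed = $null; $age = $null
        if ($null -eq $user.lastPasswordChangeDateTime) {
            $status = 'NoChangeRecorded'          # nothing to compare against
        } else {
            $changed = ConvertTo-UtcDateTime $user.lastPasswordChangeDateTime
            $age     = [int][math]::Floor(($AsOfUtc - $changed).TotalDays)
            if ("$($user.passwordPolicies)" -match 'DisablePasswordExpiration') { $status = 'NeverExpires' }
            elseif ($age -gt $MaxAgeDays) { $status = 'Expired' }
            else { $status = 'Valid' }
        }
        [pscustomobject]@{
            DisplayName = $user.displayName
            ChangedUtc  = if ($changed) { $changed.ToString('yyyy/MM/dd hh:mm tt', [System.Globalization.CultureInfo]::InvariantCulture) }
            AgeDays     = $age
            Status      = $status
        }
    }
}

# Fixed "as of" date so the constructed sample gives a reproducible report.
$asOf = [datetime]::new(2024, 6, 1, 0, 0, 0, [System.DateTimeKind]::Utc)
Get-PasswordAgeReport -GraphJson $sampleJson -AsOfUtc $asOf | Format-Table -AutoSize
```

Accounts reported as NeverExpires or NoChangeRecorded are worth a separate review, since a plain age comparison says nothing about them.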

This article will be a valuable resource for you and your organization in streamlining the process of getting the last Password Change Information for an Entra ID user using the Microsoft Graph API. I appreciate your patience in reading this post. I look forward to seeing you in the next post. Keep supporting the HTMD Community.


Author

About the Author – Sujin Nelladath has over 10 years of experience in SCCM device management and Automation solutions. He writes and shares his experiences with Microsoft device management technologies, Azure, and PowerShell automation.
