The information provided in this article is applicable only to on-cloud users.
You can conveniently verify if a user has updated their password using the Azure AD Audit Logs or the CoreView Audit Logs. Follow the steps below to access these logs and filter them to find the necessary information.
1. Using Microsoft Entra Audit logs
- Navigate the Microsoft Entra Admin Center and search for “Audit logs”.
- Apply a “Date” filter to select the date range you need.
- Apply a filter to the “Activity” column, searching for keywords like “Reset password” or “Reset user password”.
- Select the desired action and click “Apply”. This will display the following details:
- Target: the user for whom the password has been updated.
- Initiated by: the user who updated the password.
2. Using CoreView
CoreView offers an even simpler method to determine if a user has updated their password. Follow the steps below:
- Navigate to the CoreView app
- Under “Audit”, select “Entra”
- Apply the “Change user password” filter to the “Operation” column.
- This will display all activities related to password changes.
If you've updated the password using the CoreView app, you can review the corresponding action by checking the “Audit log” section under “Settings > Aufit log”. Simply apply a “password” filter to the “Action” column.
By following these simple steps, you can easily verify if a user has updated their password.