Azure AD Cloud User - find when password will expire

Komoroske, Gina 371 Reputation points
2019-12-04T15:15:41.297+00:00

We have an Azure AD user in our B2B tenant, and we would like to calculate when the password will expire. I cannot seem to find a way to do this in Azure. I've tried Get-AzureADUser | Select-Object * and I can see a bunch of properties, but not any I'm looking for. I can see that "PasswordNeverExpires" is set to False, but how do I find out further details (when pwd was last set, when it will expire, etc.)?
Thanks in advance.


3 answers

  1. Vasil Michev 94,521 Reputation points MVP
    2019-12-04T15:22:20.75+00:00

    B2B users don't authenticate against your Azure AD instance; their passwords are managed in the home tenant. Thus you cannot get this information.

    For a regular user, you can calculate the expiration date based on the LastPasswordChangeTimestamp value and the corresponding password policy settings. There are sample scripts available online if you need a ready-to-use solution. Again, that's for your own users, not guests.

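The calculation described in the answer above, as an added example that is not part of the original thread: it adds the policy's validity period to LastPasswordChangeTimestamp and skips guests and never-expiring accounts. The function name Get-PasswordExpiry, its parameters, the 90-day validity period and the sample user objects are assumptions made for illustration; in practice the user objects and the validity period come from your own tenant.

```powershell
# Added example. Get-PasswordExpiry and its parameters are hypothetical names.
function Get-PasswordExpiry {
    [CmdletBinding()]
    param(
        # Object with UserPrincipalName, UserType, PasswordNeverExpires, LastPasswordChangeTimestamp
        [Parameter(Mandatory, ValueFromPipeline)] [psobject] $User,
        # Validity period from the tenant password policy, in days (supplied by the caller)
        [Parameter(Mandatory)] [int] $ValidityPeriodDays,
        # Flag accounts that expire within this many days (assumed default)
        [int] $NotificationDays = 14,
        # Reference time; timestamps are compared as-is and assumed to be UTC
        [datetime] $Now = [datetime]::UtcNow
    )
    process {
        $expires = $null
        $status  = 'OK'
        if ($User.UserType -eq 'Guest') {
            $status = 'Guest'          # password is managed in the home tenant
        } elseif ($User.PasswordNeverExpires -or $ValidityPeriodDays -eq [int]::MaxValue) {
            $status = 'NeverExpires'   # Int32.MaxValue treated as "no expiry" (assumption); also avoids AddDays overflow
        } elseif ($null -eq $User.LastPasswordChangeTimestamp) {
            $status = 'NoTimestamp'    # nothing to calculate from
        } else {
            $expires = ([datetime]$User.LastPasswordChangeTimestamp).AddDays($ValidityPeriodDays)
            if ($expires -le $Now) { $status = 'Expired' }
            elseif (($expires - $Now).TotalDays -le $NotificationDays) { $status = 'ExpiringSoon' }
        }
        [pscustomobject]@{
            UserPrincipalName = $User.UserPrincipalName
            LastChange        = $User.LastPasswordChangeTimestamp
            Expires           = $expires
            DaysLeft          = if ($null -ne $expires) { [math]::Floor(($expires - $Now).TotalDays) } else { $null }
            Status            = $status
        }
    }
}

# Constructed sample objects (not real accounts) covering each branch
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@example.test'; UserType = 'Member'; PasswordNeverExpires = $false; LastPasswordChangeTimestamp = [datetime]'2019-09-01' }
    [pscustomobject]@{ UserPrincipalName = 'bob@example.test';   UserType = 'Member'; PasswordNeverExpires = $false; LastPasswordChangeTimestamp = [datetime]'2019-09-15' }
    [pscustomobject]@{ UserPrincipalName = 'carol@example.test'; UserType = 'Member'; PasswordNeverExpires = $true;  LastPasswordChangeTimestamp = [datetime]'2018-01-10' }
    [pscustomobject]@{ UserPrincipalName = 'guest@example.test'; UserType = 'Guest';  PasswordNeverExpires = $false; LastPasswordChangeTimestamp = $null }
)
$sample | Get-PasswordExpiry -ValidityPeriodDays 90 -Now ([datetime]'2019-12-04') | Format-Table -AutoSize
```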

  2. Komoroske, Gina 371 Reputation points
    2019-12-04T15:33:06.807+00:00

    Sorry, I probably worded this wrong. We have an Azure tenant, and in that tenant we have an Azure Active Directory; this is where that user account lives. It is a cloud-only account; it is not synced with any on-premises directory, etc.

    The command that gives me 'some' properties is this one:

    Get-AzureADUser -ObjectId user@mytenant.onmicrosoft.com | Select-Object *
    

    But I'm looking to find out when this user changed pwd so I can calculate when it'll expire.
    Does that help?


  3. Komoroske, Gina 371 Reputation points
    2019-12-05T21:41:36.31+00:00

    I wonder if the attribute "RefreshTokensValidFromDateTime" when doing a get-azureaduser property represents the last password change? Can someone verify that?