Hi @lalajee , if I understand your question correctly you wish to alert a user when an admin changes their password. For Exchange Online you can follow this guide to view Admin Audit Logs.
- In the EAC, go to Compliance management > Auditing, and then choose Run the admin audit log report.
- In the Search for changes to administrator role groups page that opens, choose a Start date and End date (the default range is the past two weeks), and then choose Search. All configuration changes made during the specified time period are displayed, and can be sorted, using the following information:
- Date: The date and time that the configuration change was made. The date and time are stored in Coordinated Universal Time (UTC) format.
- Cmdlet: The name of the cmdlet that was used to make the configuration change.
- User: The name of the user account of the user who made the configuration change.
- Up to 5000 entries will be displayed on multiple pages. Specify a smaller date range if you need to narrow your results. If you select an individual search result, the following additional information is displayed in the details pane:
- Object modified: The object that was modified by the cmdlet.
- Parameters (Parameter:Value): The cmdlet parameters that were used, and any value specified with the parameter.
If you want to print a specific audit log entry, choose the Print button in the details pane.
You can then use the Search-UnifiedAuditLog cmdlet to retrieve the logged events, and send an email using a script. An example guide for creating a script can be found here. Please let me know if you have any questions and I can help you further.
If this answer helped you please mark it as "Verified" so other users can reference it.
Thank you,
James