This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 2%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Hi Team,
I need some clarification related to Azure AD audit logs not capturing the password change event for synced users.
AAD Connect Current Configuration:
Problem is I don't see any event in Azure AD audit logs related to when user password got changed in-on premises AD. Requirement is I'm checking if our PAM solution is rotating end user password in AD and the same is recorded in Azure AD for Synced user.
Is this something because we have completely turned off Password HashSync in AAD Connect ?
Or is this by default that Azure AD never record any Password change event for Synced users from on-premises AD? (I believe this is not TRUE because in case of SSPR it records an event)
Let me know your views on this scenario.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
To view password management reports you must be a global administrator, and you must opt-in for this data to be gathered on behalf of your organization.
What type of password change is it? Is it a user or an admin performing the change?
You should be able to see them under Users > Audit logs > Activity
This page goes over the types of logs that are available. https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-reporting