Skip to content

aad user hibp

Allows you to retrieve all accounts that have been pwned with the specified username


m365 aad user hibp [options]


-n, --userName <userName>
The name of the user to retrieve information for.
--apiKey, <apiKey>
Have I been pwned API Key. You can buy it from
--domain, [domain]
Limit the returned breaches only contain results with the domain specified.
-h, --help [help]
Output usage information. Optionally, specify which section of command's help you want to see. Allowed values are options, examples, remarks, response, full. Default is full.
--query [query]
JMESPath query string. See for more information and examples
-o, --output [output]
Output type. json,text,csv,md. Default json
Runs command with verbose logging
Runs command with debug logging


If the user with the specified user name doesn't involved in any breach, you will get a No pwnage found message when running in debug or verbose mode.

If API Key is invalid, you will get a Required option apiKey not specified error.


Check if user with user name is in a data breach

m365 aad user hibp --userName --apiKey _YOUR-API-KEY_

Check if user with user name is in a data breach against the domain specified

m365 aad user hibp --userName --apiKey _YOUR-API-KEY_ --domain

More information