Users: Forcing a Password Change

Forcing a user to change their password using Microsoft Graph.

• https://learn.microsoft.com/en-us/graph/api/resources/users?view=graph-rest-1.0#who-can-perform-sensitive-actions
• forceChangePasswordNextSignIn cannot be used in conjunction with Passthrough Authentication.

PowerShell

Connect-MgGraph -Scopes @('Directory.AccessAsUser.All')

$params = @{
    passwordProfile = @{
        forceChangePasswordNextSignIn = $true
    }
}
$userId = '<UserId or UPN>'
Update-MgUser -UserId $userId -BodyParameter $params

Dependencies

Microsoft Graph SDK for PowerShell

Install-Module Microsoft.Graph -AllowClobber -Force

Connect-MgGraph

Using the Microsoft Graph Command Line Tools Enterprise Application:

Connect-MgGraph -Scopes @('')

Using an existing Access Token:

Connect-MgGraph -AccessToken (ConvertTo-SecureString 'ey..' -AsPlainText -Force)

Using an Application Registration (Platform: Mobile and desktop applications, redirect http://localhost):

Connect-MgGraph -ClientId 'abc..' -TenantId 'abc..'

Using a ClientId and Secret (Password):

$tenantId = ''
$clientId = ''
$secret = ConvertTo-SecureString '' -AsPlainText -Force
$secretCredential = New-Object System.Management.Automation.PSCredential ($clientId, $secret)
$params = @{
    'SecretCredential' = $secretCredential
    'TenantId'         = $tenantId
}
Connect-MgGraph @params