[PowerShell/Microsoft.Graph] Reset User Password

Kevin Nguyen 101 Reputation points
2022-08-03T11:02:58.71+00:00

Hi, I'm trying to reset a user password with PowerShell using the Microsoft Graph module.

I'm connecting to the graph with this cmd, with all the Certificate stuff:

Connect-MgGraph -ClientId $clientId -TenantId $tenantId -CertificateThumbprint $certThumbprint

Following this article https://mikecrowley.us/2022/03/24/resetting-azure-ad-user-passwords-with-microsoft-graph-powershell/, I tried to use the cmdlet: Reset-MgUserAuthenticationMethodPassword

Unfortunately the error is
227578-screenshot-1.png

From other questions, such as: resetting-a-users-password or how-to-update-the-password-of-user-in-azure-ad-using-graph-api, I should give the permission: Directory.AccessAsUser.All and use the cmdlet Update-MgUser but I still got an error:

227673-screenshot-3.png

Here are my permissions:

227670-screenshot-2.png

And here are the Permission/Scopes from the context:

227675-screenshot-4.png

Am I missing something?

Thanks.


Accepted answer
  1. Vasil Michev 96,076 Reputation points MVP
    2022-08-03T13:38:55.21+00:00

    Directory.AccessAsUser.All is a delegate permission, it requires you to connect in the user context, whereas your Connect-MgGraph cmdlet uses CBA/application login. This is also the reason why you don't see the Directory.AccessAsUser.All scope listed in the output of Get-MgContext.

    Application permissions are not supported for the password reset operation, as mentioned in the official documentation. So, connect in the user context, with a user that has sufficient permissions, and the query should work fine.
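
The check the accepted answer describes, as an added example that is not part of the original thread: a guard that inspects `Get-MgContext` and refuses to attempt the reset unless the session is delegated and carries the scope named in the question. The function names and the sample UPN are hypothetical; the cmdlets and the `Directory.AccessAsUser.All` scope are the ones discussed above.

```powershell
# Added example, not from the original thread. Requires the Microsoft.Graph module.
# Test-DelegatedResetContext and Reset-UserPasswordDelegated are hypothetical helper names.

function Test-DelegatedResetContext {
    param(
        [Parameter(Mandatory)] $Context,   # object returned by Get-MgContext
        [string] $RequiredScope = 'Directory.AccessAsUser.All'
    )
    if (-not $Context) { throw 'No Graph session. Run Connect-MgGraph first.' }
    # Certificate or client-secret logins report AppOnly; the reset needs a signed-in user.
    if ("$($Context.AuthType)" -ne 'Delegated') {
        throw "Session is '$($Context.AuthType)'; reconnect with Connect-MgGraph -Scopes '$RequiredScope'."
    }
    # Delegated scopes granted to this session are listed in the context.
    if ($Context.Scopes -notcontains $RequiredScope) {
        throw "Delegated scope '$RequiredScope' was not granted to this session."
    }
    return $true
}

function Reset-UserPasswordDelegated {
    param(
        [Parameter(Mandatory)] [string] $UserId,            # object id or UPN
        [Parameter(Mandatory)] [securestring] $NewPassword
    )
    # Fail fast with a clear message instead of an authorization error from Graph.
    Test-DelegatedResetContext -Context (Get-MgContext) | Out-Null

    # Update-MgUser takes the password as a plain string; keep it in a local variable only.
    $plain = [System.Net.NetworkCredential]::new('', $NewPassword).Password
    Update-MgUser -UserId $UserId -PasswordProfile @{
        Password                      = $plain
        ForceChangePasswordNextSignIn = $true
    }
}

# Usage (interactive sign-in as a user allowed to reset passwords; the UPN is a constructed placeholder):
# Connect-MgGraph -Scopes 'Directory.AccessAsUser.All'
# Reset-UserPasswordDelegated -UserId 'user@contoso.example' -NewPassword (Read-Host 'Temporary password' -AsSecureString)
```

Run against the certificate-based session from the question, the guard stops at the `AuthType` check, which matches the missing scope in the `Get-MgContext` output noted in the answer.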

