question

WesleyLoo-2057 asked saldana-msft edited

Checking enforcement of "Immediate Temporary Password Change" with graph api

In the Microsoft 365 admin center, for a given active user, I reset their password, making sure that I check the box labeled "Require this user to change their password when they first sign in".
106705-image.png

So far so good, now I go ahead and click the button to reset the password. I check user properties using the graph api (v1.0), using the endpoint https://graph.microsoft.com/v1.0/users?$select=displayName,passwordProfile
And as expected I see this:
106675-image.png
But when I reset the password, and don't check the box to require the user to change their password, I get this in the graph api:
106723-image.png
Am I missing something? passwordProfile is null by default, so why does it stay this way when the password is reset, why wouldn't it show "forceChangePasswordNextSignIn" as false instead?

microsoft-graph-users microsoft-graph-identity

Adding right tags/teams to assist


1 Answer

ShwetaChoudhary-8869 answered ShwetaChoudhary-8869 commented

@WesleyLoo-2057 Please note that forceChangePasswordNextSignIn, whether set to true or false, applies only to the next sign in, which you already accomplished by the reset. After the reset, your passwordProfile settings have already been applied and the property is set to null.

"forceChangePasswordNextSignIn": false means either no password reset at next sign in or it could mean you'll be using the custom policies or user flows to reset the password.

Hope this helps. Thanks!


Thanks for your answer, could you expand on your statement

 "forceChangePasswordNextSignIn": false means either no password reset at next sign in or ...

How do I get to the state "no password reset at next sign in"? To my current understanding, that means the second checkbox labeled "Require this user to change their password when they first sign in" is not checked when an admin resets a user's password, which I tried, as demonstrated in the original question. At no point thus far have I been able to see the forceChangePasswordNextSignIn property set to false. Note that I'm checking the Graph API response before a user logs in with the automatically generated password.

Is there another setting I'm missing elsewhere? I'm not using any "custom policies or user flows" to reset the password.


Please check this GitHub link for your clarification.


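An added example, not part of the original thread: an audit helper that reads a response to the `$select=displayName,passwordProfile` query from the question and keeps a null `passwordProfile` separate from an explicit `false`, since the thread shows the two are not interchangeable. The sample response, the state names and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like a response to
# GET /v1.0/users?$select=displayName,passwordProfile (not real tenant data).
SAMPLE_RESPONSE = json.loads("""
{
  "value": [
    {"displayName": "User A",
     "passwordProfile": {"forceChangePasswordNextSignIn": true,
                         "forceChangePasswordNextSignInWithMfa": false,
                         "password": null}},
    {"displayName": "User B", "passwordProfile": null},
    {"displayName": "User C",
     "passwordProfile": {"forceChangePasswordNextSignIn": false,
                         "forceChangePasswordNextSignInWithMfa": false,
                         "password": null}},
    {"displayName": "User D"}
  ]
}
""")


def classify_password_profile(user):
    """Map one user object to a state without collapsing null into False."""
    if "passwordProfile" not in user:
        return "not_selected"      # property was not in the response at all
    profile = user["passwordProfile"]
    if profile is None:
        return "null_profile"      # the state the question observed
    flag = profile.get("forceChangePasswordNextSignIn")
    if flag is True:
        return "change_required"   # forced change pending at next sign-in
    if flag is False:
        return "explicit_false"    # stated explicitly, unlike null
    return "flag_unset"            # profile present but flag missing or null


def audit(response):
    """Group display names by state so each state can be reviewed separately."""
    report = {}
    for user in response.get("value", []):
        state = classify_password_profile(user)
        report.setdefault(state, []).append(user.get("displayName", "<unknown>"))
    return report


if __name__ == "__main__":
    for state, names in sorted(audit(SAMPLE_RESPONSE).items()):
        print(f"{state}: {', '.join(names)}")
```

A report that only tests `if flag:` would merge the null, false and missing cases into one bucket, which is the ambiguity the question ran into.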