question

KhaledLaghrour-8984 avatar image
0 Votes"
KhaledLaghrour-8984 asked JamesTran-MSFT commented

MS365 tenant provisioning automation

Hello everyone,

Here is the context:
When we create tenat via CSP, it returns tenant informations plus admin account with temporary password that has to be changed in first login. This will be blocking point because we want to configure the tenant automatically without any manual intervention.

Question: can we change the password using Microsoft Graph API or MS365 powershell modules? Your suggestions are very welcome.

Thank you in advance.

Khaled

azure-ad-tenant
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

JamesTran-MSFT avatar image
0 Votes"
JamesTran-MSFT answered JamesTran-MSFT commented

@KhaledLaghrour-8984
Thank you for your post!

You can Manage passwords using PowerShell, for Microsoft 365 as an alternative to the Microsoft 365 admin center to manage passwords in Microsoft 365.

Azure Active Directory PowerShell for Graph module - Set a password
Use these commands to specify a password for a user account.

 $userUPN="<user account sign in name, such as belindan@contoso.com>"
 $newPassword="<new password>"
 $secPassword = ConvertTo-SecureString $newPassword -AsPlainText -Force
 Set-AzureADUserPassword -ObjectId  $userUPN -Password $secPassword


Microsoft Azure Active Directory Module for Windows PowerShell - Set a password

 $userUPN="<user account sign in name>"
 $newPassword="<new password>"
 Set-MsolUserPassword -UserPrincipalName $userUPN -NewPassword $newPassword

When it comes to using the Microsoft Graph API you can use the user: changePassword REST API. However, as my colleague @amanpreetsingh-msft states, "this can only be done in current users context to change his/her own account's password..." For more info.
162420-image.png


If the above features aren't what you're looking for, I'd recommend leveraging our User Voice forum and creating a feature request so our engineering team can look into adding this capability.



If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.


image.png (23.1 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @JamesTran-MSFT

Thank you for your reply :)
We have verified the information you provided in your response, in our case we cannot get an access token to reset the password because the administrator account is the first available user in the tenant,the problem is that changing the password of an account for which it is necessary to change the password during the first login cannot be done automatically.


0 Votes 0 ·
JamesTran-MSFT avatar image JamesTran-MSFT KhaledLaghrour-8984 ·

@KhaledLaghrour-8984
Thank you for following up on this!

Unfortunately, as you mentioned, it currently isn't possible to change an accounts password using the Graph API or PowerShell modules during initial log-in - when you have to change the temporary password. However, if you'd like this to be a feature available in the future, I'd recommend leveraging our User Voice forum and creating a feature request so our engineering team can look into adding this capability.


I've also created an internal feature request for our engineering team on my end as well.


If you have any other questions, please let me know.
Thank you again for your time and patience throughout this issue!


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

0 Votes 0 ·