AbhayChandramouli-2076 asked saldana-msft edited

Microsoft Graph API | Encrypted Passwords

Hi,
For security reasons, I want to send an encrypted password in the PATCH /users/id forced password change API. Is there a way that Azure can decrypt it and store it?

azure-ad-b2c microsoft-graph-users

1 Answer

amanpreetsingh-msft answered amanpreetsingh-msft commented

Hi @AbhayChandramouli-2076 • Thank you for reaching out.

Graph API takes passwords as Unicode strings with no other encoding.

As the Graph API uses SSL and all the Graph Calls sent on the wire are encrypted by default, there is no option to encode/encrypt the passwords in the Graph calls that can be decrypted by Azure AD.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


So if we pass

    {
        "passwordProfile": {
            "forceChangePasswordNextSignIn": false,
            "password": "Password23"
        }
    }

The question is "is it safe?" to do this?

amanpreetsingh-msft AbhayChandramouli-2076 ·

@AbhayChandramouli-2076 • I would say it is safe as the call is sent securely over HTTPS on the network. You just need to be careful with onlookers watching you typing the password on-screen :)

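The request discussed in this thread, as an added example that is not part of the original posts: the password sits in the JSON body as plaintext and TLS is its only protection in transit, so the client refuses any non-HTTPS target and masks the password and token before anything is logged. The function names `build_password_patch` and `loggable`, the sample user, and the `TOKEN` placeholder are assumptions made for illustration.

```python
import json
import urllib.parse
import urllib.request

GRAPH_HOST = "graph.microsoft.com"


def build_password_patch(user_id, new_password, access_token,
                         base_url="https://graph.microsoft.com/v1.0"):
    """Build (but do not send) the PATCH /users/{id} password request."""
    parts = urllib.parse.urlsplit(base_url)
    # The body carries the password as a plain Unicode string, so the
    # transport must be TLS to the Graph host and nothing else.
    if parts.scheme != "https" or parts.hostname != GRAPH_HOST:
        raise ValueError("refusing to send a password to a non-HTTPS or non-Graph endpoint")
    body = {
        "passwordProfile": {
            "forceChangePasswordNextSignIn": False,
            "password": new_password,
        }
    }
    url = f"{base_url}/users/{urllib.parse.quote(user_id, safe='')}"
    return urllib.request.Request(
        url,
        data=json.dumps(body).encode("utf-8"),
        method="PATCH",
        headers={
            "Authorization": f"Bearer {access_token}",
            "Content-Type": "application/json",
        },
    )


def loggable(request):
    """Return a view of the request that is safe to write to logs."""
    body = json.loads(request.data.decode("utf-8"))
    if "password" in body.get("passwordProfile", {}):
        body["passwordProfile"]["password"] = "***"
    headers = {
        name: ("Bearer ***" if name.lower() == "authorization" else value)
        for name, value in request.header_items()
    }
    return {"method": request.get_method(), "url": request.full_url,
            "headers": headers, "body": body}


if __name__ == "__main__":
    # Constructed sample values; sending would be urllib.request.urlopen(req),
    # which verifies the server certificate by default.
    req = build_password_patch("user@example.com", "Password23", "TOKEN")
    print(json.dumps(loggable(req), indent=2))
```
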