Here is a trigger, but the name is not taken out of thin air. Logon triggers are always something you should be careful with, because if something goes wrong, users may not be able to log in. And that this may include the DBA.
I opted to add a check on when the password was changed, which should be very recently if the user had MUST_CHANGE. My thinking is that there can be special users, for instance sa, which has CHECK_POLICY ON, and this should not be changed.
CREATE OR ALTER TRIGGER Dangerous ON ALL SERVER WITH EXECUTE AS 'sa' FOR LOGON AS
IF datediff(SECOND,
convert(datetime, loginproperty(original_login(), 'PasswordLastSetTime')),
sysdatetime()) < 10
BEGIN
DECLARE @sql nvarchar(MAX) =
'ALTER LOGIN ' + quotename(original_login()) +
' WITH CHECK_EXPIRATION = OFF, CHECK_POLICY = OFF'
PRINT @sql
EXEC(@sql)
END
Personally, I would not go for a solution like this. I'd rather have something that generates a password that is not usable, for instance newid(), so that the user to preserve his sanity changes the password.