This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
We have created an account for reseting password with Authentication Admin role for it.
We are able to reset user's password with success everytime whe try to reset without the "requireChangeOnNextSignIn" flag, but if we try using it with 'false' value, we get an error telling about the flag being not available.
Also, if we try to pass the same parameter with 'true' value, it gets accepted. But this is the same behavior as not sending the parameter and it is not useful to our project development.
Does anyone have any clue about this?
We are following this documentation: https://learn.microsoft.com/en-us/graph/api/authenticationmethod-resetpassword, using V1.0 route.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 14.000000000000002%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Is this issue is still not resolved?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 38%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Hello @Mark , thank you for your post.
As mentioned by my colleague @JamesTran-MSFT earlier, the behavior observed when setting requireChangeOnNextSignIn parameter to false is expected. The flag was added for a specific use case, and we are currently working on updating our documentation on authenticationMethod: resetPassword to more accurately advise developers against using this. Additionally, at this point, there isn't any other way to be able to update this particular flag. Resetting a user's password will always require the users to update it the next time they sign in, for security purposes.
If you have any other questions, please let me know.
Thank you for your time.
@Luiz Thomaz
Thank you for your post!
When using the authenticationMethod: resetPassword Graph REST API, I ran into the same issue. When passing the requireChangeOnNextSignIn parameter in the request body and setting it to false, I ran into a Forbidden error, even though not passing the parameter would essentially be the same as setting it to false.
I've reached out to my team and our engineering team to see if they can look into this and share any insights.
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
Hello @JamesTran-MSFT !
Thanks for your response. Indeed there's a problem with this graph route...
Did you receive any feedback about this issue?
@Luiz Thomaz
Thank you for following up on this!
I haven't received an update from our engineering team, but have followed-up this afternoon and will update as soon as possible.
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
@Luiz Thomaz
Thank you for your time and patience throughout this issue!
I wanted to let you know that our engineering team is currently looking into this, as it might be a potential bug. I'll continue to work with them and update as soon as possible.
If you have any other questions, please let me know.
Thank you!
@JamesTran-MSFT
Thanks for the update!
I'll be waiting then.
@Luiz Thomaz
Thank you for your time and patience on this!
I received a response from our engineering team, and the failure when setting the requireChangeOnNextSignIn parameter to false is expected, since this flag was added for legacy Office scenarios. Our product group is currently working with the author of the authenticationMethod: resetPassword documentation, who'll publish an official note so current and future users don't run into this issue.
If you have any other questions, please let me know.
Thank you again for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 92%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGA%3C/text%3E%3C/svg%3E)
Hi,
@JamesTran-MSFT
Will there be a workaround or other method to be able to update this flag, or using the reset will always require the users to update their passwords on first sign in?
Thanks
Hi @Gjorgji Arnaudovski , good day.
Wanted to circle back on your last query here on behalf of my colleague @JamesTran-MSFT .
At this point, there isn't any workaround to be able to update this particular flag. You are correct in your understanding that resetting a user's password will always require the users to update it the next time they sign in. This has been designed keeping in mind the security aspect - the owner of the account should always be the only person who knows the password for that account. For an admin to be able to reset a user's password lets the admin take action without the user's presence. The user subsequently changing the password then gets the user back to a good state where the password is truly a secret known only to them.
Do let us know if there are any other questions around this.
Thank you for your patience and understanding.