There could be several reasons why a user's password is constantly needing to be reset and the user is unable to login despite a successful password reset. Here are a few things you can check:
- Cached credentials: When a user changes their password, the new password may not be immediately synced to all devices that the user has previously logged into. This can result in the user's device using cached credentials, which would mean that the new password is not recognized. To resolve this, the user can try logging out of the device and then logging back in with the new password.
- Third-party apps: Some third-party apps that use the user's Office 365 credentials may also have cached the user's old password. The user should check any apps that they use that are connected to their Office 365 account and update the password in those apps as well.
- Active Directory Synchronization: If the user's account is being managed by an on-premises Active Directory and the user is also synced to Azure AD, there could be a problem with the synchronization. One way to check is to see if the user's account is in a "synced" or "cloud" state in Azure AD and check the syncing status.
- Multi-Factor Authentication (MFA): If the user has MFA enabled, they may be prompted to verify their identity using a phone call, text message, or app notification before they can reset their password.
- Other issues: There may be other issues that are causing the user's password to be rejected. Some of the troubleshooting steps include checking the Azure AD Connect, checking the password policy and check if the user account is blocked.