Is there any SDK through which I can update passwords of Microsoft Service Accounts (Non-People Accounts)? What kind of permissions would it require?

Sachin Kumar 1 Reputation point Microsoft Employee
2023-06-02T15:12:07.4366667+00:00

I get the option to 'Reset Password' in the AAD portal. I was wondering if there is an SDK through which I can set up the password reset dynamically without having the need to interfere.
Any information is appreciated.

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Graph

2 answers

  1. Vasil Michev 119.8K Reputation points MVP Volunteer Moderator
    2023-06-02T16:15:18.74+00:00

    Sure, you can use the Graph API: https://learn.microsoft.com/en-us/graph/api/authenticationmethod-resetpassword?view=graph-rest-1.0&tabs=http

    If you mean resetting the credentials on a service principal object, that's handled via the following: https://learn.microsoft.com/en-us/graph/api/serviceprincipal-addpassword?view=graph-rest-1.0&tabs=http

    Though for service principals you should be using key credentials, not passwords.


  2. CarlZhao-MSFT 46,376 Reputation points
    2023-06-05T08:48:39.5733333+00:00

    Hi @Sachin Kumar

    You can reset a user's password by updating their password profile. Before doing this, the calling app must be assigned the User.ReadWrite.All application permission and at least the User Administrator Azure AD role.

    Refer to the sample graph C# SDK code:

    using Microsoft.Graph;
    using Azure.Identity;
    using Microsoft.Graph.Models;
    
    
    var scopes = new[] { "https://graph.microsoft.com/.default" };
    
    var tenantId = "{tenant id}";
    
    // Values from app registration
    var clientId = "{client id}";
    var clientSecret = "{client secret}";
    
    // using Azure.Identity;
    var options = new TokenCredentialOptions
    {
        AuthorityHost = AzureAuthorityHosts.AzurePublicCloud
    };
    
    // https://learn.microsoft.com/dotnet/api/azure.identity.clientsecretcredential
    var clientSecretCredential = new ClientSecretCredential(
        tenantId, clientId, clientSecret, options);
    
    var graphClient = new GraphServiceClient(clientSecretCredential, scopes);
    
    
    var requestBody = new User
    {
        PasswordProfile = new PasswordProfile
        {
            ForceChangePasswordNextSignIn = false,
            Password = "xxxxxxxxxxxxx",
        },
    };
    
    await graphClient.Users["{user id}"].PatchAsync(requestBody);
    

    Note that this code is only applicable to versions above Microsoft Graph SDK 5.0.

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.
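
Added example, not part of either answer above and not Microsoft's sample code: the service principal `addPassword` call linked in the first answer, used to rotate a client secret with the same Graph SDK 5.x setup as the second answer. The environment variable names, the 90-day lifetime and the display-name format are assumptions chosen for illustration.

```csharp
// Assumes a .NET 6+ console project with implicit usings and Microsoft.Graph 5.x.
using Azure.Identity;
using Microsoft.Graph;
using Microsoft.Graph.Models;
using Microsoft.Graph.ServicePrincipals.Item.AddPassword;
using Microsoft.Graph.ServicePrincipals.Item.RemovePassword;

// Assumed environment variable names, so that no secret lives in source control.
string Env(string name) => Environment.GetEnvironmentVariable(name)
    ?? throw new InvalidOperationException($"{name} is not set");

var graph = new GraphServiceClient(
    new ClientSecretCredential(
        Env("GRAPH_TENANT_ID"), Env("GRAPH_CLIENT_ID"), Env("GRAPH_CLIENT_SECRET")),
    new[] { "https://graph.microsoft.com/.default" });
var spId = Env("TARGET_SP_OBJECT_ID"); // object id of the service principal to rotate

// 1. Snapshot the key ids of the secrets that exist before the rotation.
var sp = await graph.ServicePrincipals[spId].GetAsync(rc =>
    rc.QueryParameters.Select = new[] { "id", "passwordCredentials" });
var oldKeyIds = (sp?.PasswordCredentials ?? new List<PasswordCredential>())
    .Where(c => c.KeyId.HasValue).Select(c => c.KeyId).ToList();

// 2. Add the replacement. Graph generates the secret value itself; the caller
//    only supplies a label and an expiry.
var added = await graph.ServicePrincipals[spId].AddPassword.PostAsync(
    new AddPasswordPostRequestBody
    {
        PasswordCredential = new PasswordCredential
        {
            DisplayName = $"rotated-{DateTimeOffset.UtcNow:yyyyMMdd}",
            EndDateTime = DateTimeOffset.UtcNow.AddDays(90),
        },
    }) ?? throw new InvalidOperationException("addPassword returned no credential");

// 3. added.SecretText is returned only in this response and cannot be read back
//    later. Write it to your secret store and update consumers before step 4.

// 4. Retire the old secrets so that only the new one stays valid.
foreach (var keyId in oldKeyIds)
{
    await graph.ServicePrincipals[spId].RemovePassword.PostAsync(
        new RemovePasswordPostRequestBody { KeyId = keyId });
}

// Log only non-secret metadata.
Console.WriteLine($"New credential {added.KeyId}, expires {added.EndDateTime}");
```

Running step 4 before every consumer has picked up the new secret will lock those consumers out, so schedule the removal accordingly.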

