It might be worth checking out the Temporary Access Pass in Entra ID. I think that should provide the functionality you're looking for. More info can be found here
New User Setup
Hello, Is there a secure way to configure new user accounts in AD to when they log into computer for the first time they can create their own password without having to call the helpdesk to give them a temporary one to reset?