How to change user's password in Azure AD through API queries?

Eric Dantas 0 Reputation points
2024-03-12T23:27:57.99+00:00

Hello guys, hope you are doing well :)

I have a need and would like to confirm whether my understanding is correct for the following question:

I have a robust chatbot application that allows you to make API calls, capture the returns, and generally integrate with other tools. I also use Azure AD, and I would like to make some Azure functions available within my chatbot, for example:

I would like to allow an admin user to change the department of other users.

And for a common user, he could change his own AD password through the bot, for example.

Obviously I can collect all the necessary data for customer authentication through the bot and pass this as a parameter for Azure AD to make the changes.

My question is: all that I need to do is run a simple request like this one quoted here?

And to update the user details like the department, do you guys have any recommended endpoint?

Are user permissions reflected in what they can do in AD through API calls? For example: if it is an administrator user, it will have access to perform administrator functions, and a user will only have access to the user things... Will this be self-applicable to API requests or does it need to be handled in code?

Thank you guys!


2 answers

  1. Dillon Silzer 57,826 Reputation points Volunteer Moderator
    2024-03-13T04:34:11.52+00:00

    Hi Eric,

    You can do this via a PATCH API call to Graph API:

    The following example shows a request to reset the password of another user. As a best practice, always set the forceChangePasswordNextSignIn to true.

    PATCH https://graph.microsoft.com/v1.0/users/{id}
    Content-type: application/json
    
    {
      "passwordProfile": {
        "forceChangePasswordNextSignIn": false,
        "password": "xWwvJ]6NMw+bWH-d"
      }
    }
    
    

    Cited from https://learn.microsoft.com/en-us/graph/api/user-update?view=graph-rest-1.0&tabs=http#example-3-update-the-passwordprofile-of-a-user-and-reset-their-password

    You can also see other coding language examples on the citation above. Hope this helps.

    If this is helpful please accept answer.


  2. Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator
    2024-03-14T07:06:09.9233333+00:00

    Hi @Eric Dantas ,

    Thanks for reaching out.

    Based on your question, it seems like you want to allow admin users to change a department for other users and allow common users to change their own AD password through the bot.

    To answer your question, you can use the Microsoft Graph API to update user properties like the department and to update a user's password. For example, to update the department property of a user, you can use the following endpoint:

    PATCH https://graph.microsoft.com/v1.0/users/{user-id}
    


    Regarding your question about user permissions, the permissions required to perform certain operations through API calls are defined by the API itself. For example, to update a user's department, you need to have the User.ReadWrite.All permission. If a user has this permission, they can perform the update operation regardless of whether they are an admin or a regular user. However, it's important to note that the permissions required to perform certain operations may vary depending on the API and the operation being performed.

    You need to authenticate the user to get the access token with required permissions to call the Graph API.

    Hope this will help.

    Thanks,

    Shweta

    Please remember to "Accept Answer" if answer helped you.

    0 comments No comments
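
An added example (not part of either answer above, and not Microsoft sample code): as the second answer notes, a token with User.ReadWrite.All permits the update whoever is talking to the bot, so the bot has to enforce the admin/user split itself before it builds the PATCH request. The caller records, the `is_admin` flag, the policy and the name `build_user_patch` are assumptions for illustration; nothing is sent over the network.

```python
import json
import uuid

GRAPH = "https://graph.microsoft.com/v1.0"

# Constructed callers. In a real bot these come from the validated sign-in,
# never from what the person typed into the chat.
ADMIN = {"id": "11111111-aaaa-4bbb-8ccc-000000000001", "is_admin": True}
USER = {"id": "22222222-aaaa-4bbb-8ccc-000000000002", "is_admin": False}


def build_user_patch(caller, target_id, token, *, department=None, new_password=None):
    """Return (method, url, headers, body) for PATCH /users/{id}.

    Raises PermissionError when the bot's own policy forbids the change.
    """
    if (department is None) == (new_password is None):
        raise ValueError("pass exactly one of department or new_password")
    # Accept only a GUID object id so chat input cannot alter the URL path.
    target = str(uuid.UUID(target_id))
    is_self = caller["id"].lower() == target

    if department is not None:
        # Assumed policy from the question: only admins change a department.
        if not caller["is_admin"]:
            raise PermissionError("only admins may change a department")
        payload = {"department": department}
    else:
        # Assumed policy: users touch only their own password, admins any.
        if not (is_self or caller["is_admin"]):
            raise PermissionError("users may only change their own password")
        payload = {
            "passwordProfile": {
                # Force a change at next sign-in when someone else set the password.
                "forceChangePasswordNextSignIn": not is_self,
                "password": new_password,
            }
        }

    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    return "PATCH", f"{GRAPH}/users/{target}", headers, json.dumps(payload)
```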
