Share via

Checking enforcement of "Immediate Temporary Password Change" with graph api

Dancing Strawberry 101 Reputation points
2021-06-17T18:15:27.217+00:00

In the Microsoft 365 admin center, for a given active user, I reset their password, making sure that I check the box labeled "Require this user to change their password when they first sign in".
106705-image.png

So far so good, now I go ahead and click the button to reset the password. I check user properties using the graph api (v1.0), using the endpoint https://graph.microsoft.com/v1.0/users?$select=displayName,passwordProfile
And as expected I see this:
106675-image.png
But when I reset the password, and don't check the box to require the user to change their password, I get this in the graph api:
106723-image.png
Am I missing something? passwordProfile is null by default, so why does it stay this way when the password is reset, why wouldn't it show "forceChangePasswordNextSignIn" as false instead?

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,436 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Shweta Choudhary 601 Reputation points Microsoft Employee
    2021-06-21T18:26:48.383+00:00

    @Dancing Strawberry Please note that forceChangePasswordNextSignIn, whether set to true or false, applies only to the next sign in, which you already accomplished by the reset. After the reset, your passwordProfile settings have already been applied and the property is set to null.

    "forceChangePasswordNextSignIn": false means either no password reset at next sign in or it could mean you'll be using the custom policies or user flows to reset the password

    Hope this helps. Thanks!