![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 53%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKV%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Graph
An API that connects multiple Microsoft services, enabling data access and automation across platforms
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 7.000000000000001%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC3%3C/text%3E%3C/svg%3E)
Hello Vidisha!
Thanks for reaching out.
I have reproduced this using this bit of the documentation and was able to successfully send the PATCH request and logged in using the temporary password. I then reset my password and was able to use the new password to log in. The correct response should be a 204
https://learn.microsoft.com/en-us/graph/api/user-update?view=graph-rest-1.0&tabs=http#example-3-update-the-passwordprofile-of-a-user-and-reset-their-password
When you use the Graph API to reset a user's password (PATCH /users/{id} with passwordProfile), the new password is set, but by default, forceChangePasswordNextSignIn is often set to true.
When the user signs in, they're prompted to change their password. However, the "current password" the system expects is the one set by the API, not the user's previous password.
If the user enters their old password (before the API reset), it will fail. They must enter the password set by the API as the "current password" in the change password prompt.