Stop user from being able to change password to the current one again using Graph API

Anonymous
2022-06-19T17:56:48.11+00:00

Hi,
I am creating a Power Automate flow to be used by a Power Virtual Agents bot, which will assist users in changing their passwords.
API: https://graph.microsoft.com/v1.0/users/<UserID>
{
  "passwordProfile": {
    "password": "Test12345678",
    "forceChangePasswordNextSignIn": false
  }
}
However, I noticed that a user is able to change their password to the current password again.
That means even with a password change policy, a user can keep the same password forever.

Are there any ways to overcome this limitation?


1 answer

  1. Srinivasa Rao Darna 6,696 Reputation points Microsoft Vendor
    2022-06-20T12:09:01.927+00:00

    Hi @Anonymous ,

    AAD password policies enable users to use the same password; the last password can be used again when the user resets a forgotten password.
    Refer to Azure AD password policies.

    Hope this helps.
