This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 64%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIK%3C/text%3E%3C/svg%3E)
Hello. I have a question about the Microsoft Graph API.
When updating user information using Graph API, there is an item to change the password attribute. We judged that the user password can be changed only with the personally issued Oauth token and permission information.
We created a new test account and tested whether it was possible to change the password of the user, and it was concluded that it was possible according to the process above. Is this the policy enforced by Microsoft? Are there any issues with using this API in practice? please answer about my question.
Thank you in advance.
A cloud-based identity and access management service for securing user authentication and resource access
I think you are confusing self-service password reset and password change. For the latter, best use the resetPassword endpoint: https://learn.microsoft.com/en-us/graph/api/passwordauthenticationmethod-resetpassword?view=graph-rest-beta&tabs=http
@Inho Kim
I just wanted to check in and see if you required additional assistance or if you were able to resolve this issue?
----------
If any reply/answer helped resolve your question, please remember to "mark as answer" so that others in the community facing similar issues can easily find the solution.