How to force a password reset in Microsoft 365?
If there's evidence of unusual activity on a user account, enforcing a password change is crucial to secure the account and prevent further compromise in Microsoft 365. While this can be done through the Microsoft 365 admin center, you'll need to reset the user's password and then share it securely with them.
However, by using PowerShell you can force users to change their password without resetting the existing password.
Force Password Change for a Microsoft 365 User
Connect to the Microsoft Graph PowerShell module using the below cmdlet.
Connect-MgGraph -Scopes "User.ReadWrite.All"
Execute the following cmdlet to force password update for the particular user.
$PasswordProfile=@{ForceChangePasswordNextSignIn=$true}
Update-MgUser -UserId <UPN> -PasswordProfile <$PasswordProfile>
-Replace your desired password profile in the <$PasswordProfile> and replace <UPN> with the "user principal name" of the intended user.
Force Password for All Microsoft 365 Users
Run the following PowerShell script to enforce a password reset for all Microsoft 365 users after connecting to the MS Graph PowerShell module.
$AllUsers = Get-MgUser -All
# Create the password profile to force password change
$PasswordProfile = @{ ForceChangePasswordNextSignIn = $true}
# Loop through each user and update their password profile
foreach ($user in $AllUsers) {
$UPN = $user.UserPrincipalName
Update-MgUser -UserId $UPN -PasswordProfile <$PasswordProfile>}
After forcing password changes, it's essential to check whether the changes were successfully implemented. However, there are no status details available for this in Microsoft 365.
You can capture all forced password changes in M365 with AdminDroid, which ensures comprehensive tracking and management!
By using AdminDroid's Force Change User Password report, you can easily audit when an admin enables the option to force users to change their passwords and identify which users were affected. You can also check the success of the forced password change based on the result status.
- You can easily mail this report to the respective admins, providing insights into the forced password changes.
- This functionality ensures admins are informed about affected users and the success of the changes, leading to to effective security management.
Handy tip: Use the Schedule (⏰) option to receive automated insights on forced password changes on a daily, weekly, or monthly basis.