Force Password Change

Forces a user to change their password at the next sign-in.

Usage


Connect-MgGraph -Scopes "User.ReadWrite.All"

Replace user@domain.com with the target user’s UPN:


$PasswordProfile = @{ ForceChangePasswordNextSignIn = $true }
Update-MgUser -UserId "user@domain.com" -PasswordProfile $PasswordProfile

This sets the ForceChangePasswordNextSignIn flag — the user will be prompted to create a new password the next time they sign in.

Last updated on March 6, 2026