Manage passwords with Microsoft Graph PowerShell
This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise.
You can use Microsoft Graph PowerShell as an alternative to the Microsoft 365 admin center to manage passwords in Microsoft 365.
Note
The Azure Active Directory module is being replaced by the Microsoft Graph PowerShell SDK. You can use the Microsoft Graph PowerShell SDK to access all Microsoft Graph APIs. For more information, see Get started with the Microsoft Graph PowerShell SDK.
First, use a Microsoft Entra DC admin or Cloud Application Admin account to connect to your Microsoft 365 tenant.
Managing passwords for a user requires the User.ReadWrite.All permission scope or one of the other permissions listed in the 'Assign license' Graph API reference page.
Connect-Graph -Scopes User.ReadWrite.All
Use these commands to set a password and force a user to change their new password the next time they sign in.
$userUPN="<user account sign in name, such as [email protected]>"
$newPassword="<new password>"
$secPassword = ConvertTo-SecureString $newPassword -AsPlainText -Force
Update-MgUser -UserId $userUPN -PasswordProfile @{ ForceChangePasswordNextSignIn = $true; Password = $newPassword }
See also
Manage Microsoft 365 user accounts, licenses, and groups with PowerShell