Script repository

Enable password reset at next logon in Microsoft 365

Updated on: Jan 18, 2026, Views: 2515

Microsoft 365

The script enables the Require this user to change their password when they first sign in option for the user in Microsoft 365. To connect to Microsoft 365, the script uses the credentials specified in the Run As section of the Run a program or PowerShell script action settings. To execute the script, create a business rule, custom command or scheduled task configured for the User object type.

# Get Microsoft 365 Object ID.
try
{
    $objectId = [Guid]$Context.TargetObject.Get("adm-AzureId")
}
catch
{
    $Context.LogMessage("The user %fullname% doesn't have a Microsoft 365 account.", "Warning")
    return
}

# Connect to Microsoft 365.
$password = ConvertTo-SecureString -AsPlainText -Force -String $Context.RunAs.Password
$credential = New-Object System.Management.Automation.PsCredential($Context.RunAs.UserName, $password)
Connect-MsolService -Credential $credential

# Force password change.
Set-MsolUserPassword -ObjectId $objectId -ForceChangePassword $True -ForceChangePasswordOnly $True

Comments 0

You must be signed in to comment.

    Got questions?

    Support Questions & Answers

    We use cookies to improve your experience.
    By your continued use of this site you accept such use.
    For more details please see our privacy policy and cookies policy.