Microsoft 365: How to force users to change their password
- Last updated: Nov 24, 2024
Here we'll look at how to force users to change their Microsoft 365 passwords with PowerShell.
First, I'll describe how to do it step by step from a PowerShell command line for a single account. Finally, I'll show a small script to do it for several accounts that are stored in a text file.
Prerequisites
We'll need the Microsoft.Graph module to connect to Microsoft 365 using PowerShell.
- Open a PowerShell prompt with administrator rights:

- Set Tls to version 1.2 for the current session context:
PS C:\> [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
- Install the Microsoft.Graph module:
PS C:\> Install-Module -name Microsoft.Graph
Connect to Microsoft 365
- Use Connect-MgGraph to open the Microsoft Microsoft 365 sign in window:
PS C:\> Connect-MgGraph
- Sign in with an adminstrator account:

- Enter password:

Reset user password
Force a new password
- Use this command to set a password for a user:
- ForceChangePasswordNextSignIn: indicates whether the user must change the password the next time he signs in
PS C:\> Update-MgUser -UserId user@shebangthedolphins.net -PasswordProfile @{ Password = "NewPassw0rd"; ForceChangePasswordNextSignIn=$false; ForceChangePasswordNextSignInWithMfa=$false }
Force the user to change his password the next time he logs in
- After this command, the password update procedure will run the next time the user logs in (it will be slower to apply with Outlook clients because it uses a caching mechanism):
- ForceChangePasswordNextSignIn=$true: the user must change their password on the next sign-in
- forceChangePasswordNextSignInWithMfa=$false: the user doesn't need to perform a multifactor authentication (MFA) before being forced to change their password.
PS C:\> Update-MgUser -UserId user@shebangthedolphins.net -PasswordProfile @{ ForceChangePasswordNextSignIn=$true; ForceChangePasswordNextSignInWithMfa=$false }
Misc
- If you want to search for a user:
PS C:\> Get-MgUser -ConsistencyLevel eventual -Count userCount -Search '"DisplayName:cartman"'

PowerShell Script to force users to change their password
If we want to force a large number of users to change their passwords, we can use a PowerShell script.
- Create a C:\users.txt containing a list of the e-mail addresses of the users for whom we wish to force a password change:

- Run this PowerShell script to force users to change their password:
###########################
# author : shebangthedolphins.net
# version : 1.1
# date : 2024.11
# role : force a list of users stored in a text file to change their Microsoft 365 password
# other : create a C:\users.txt file in which to place users
# updates :
# - 1.0 (2021/03) : First Version
# - 1.1 (2024/11) : Replace obsolete MsolService with Microsoft.Graph
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Connect-MgGraph
$file = "C:\users.txt"
ForEach ($line in (Get-Content -Path $file)) {
Write-Host "Working on $line.Replace(' ','')"
#Set-MsolUserPassword -UserPrincipalName $line.Replace(' ','') -ForceChangePasswordOnly $true -ForceChangePassword $true
Update-MgUser -UserId $line.Replace(' ','') -PasswordProfile @{ ForceChangePasswordNextSignIn=$true; ForceChangePasswordNextSignInWithMfa=$false }
}