Home

Onboarding new users and forcing them to change their password on first logon in AAD.

%3CLINGO-SUB%20id%3D%22lingo-sub-218839%22%20slang%3D%22en-US%22%3EOnboarding%20new%20users%20and%20forcing%20them%20to%20change%20their%20password%20on%20first%20logon%20in%20AAD.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-218839%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20are%20rolling%20out%20SSPR%20and%20are%20working%20through%20how%20to%20manage%20our%20new%20user%20onboarding.%20Our%20users%20are%20homed%20on%20prem%20and%20synced%20via%20AAD%20connect.%20Since%20the%20%22force%20user%20to%20change%20password%20on%20first%20logon%22%20flag%20in%20local%20AD%20isn't%20supported%20for%20sync%2C%20when%20our%20users%20are%20initially%20created%20in%20Azure%2C%20they%20are%20not%20required%20to%20change%20their%20password%20when%20first%20logging%20onto%20an%20Office%20365%20app.%20Does%20anyone%20know%20of%20a%20way%20to%20default%20users%20in%20Azure%20so%20they%20must%20change%20their%20password%20upon%20first%20login%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-218839%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESSPR%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-219057%22%20slang%3D%22en-US%22%3ERe%3A%20Onboarding%20new%20users%20and%20forcing%20them%20to%20change%20their%20password%20on%20first%20logon%20in%20AAD.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-219057%22%20slang%3D%22en-US%22%3E%3CP%3EThank%20you%20for%20the%20response.%20This%20was%20my%20current%20work%20around.%20We%20will%20have%20to%20setup%20a%20runbook%20in%20azure%20automation%20to%20trigger%20on%20a%20new%20user%20event%20(assuming%20that%20is%20possible).%20I%20was%20hoping%20there%20might%20be%20a%20better%20configuration%20based%20option%20so%20that%20all%20new%20users%20synced%20from%20AAD%20were%20in%20this%20state%20upon%20creation.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-218939%22%20slang%3D%22en-US%22%3ERe%3A%20Onboarding%20new%20users%20and%20forcing%20them%20to%20change%20their%20password%20on%20first%20logon%20in%20AAD.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-218939%22%20slang%3D%22en-US%22%3E%3CP%3EYup%2C%20you%20can%20easily%20do%20this%20via%20the%20Set-MsolUserPassword%20cmdlet%3A%3C%2FP%3E%0A%3CPRE%3EGet-MsolUser%20-All%20%7C%20Set-MsolUserPassword%20-ForceChangePasswordOnly%20%24true%20-ForceChangePassword%20%24true%0A%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EMore%20examples%20here%3A%20%3CA%20href%3D%22https%3A%2F%2Fwww.michev.info%2FBlog%2FPost%2F1419%2Fforce-password-change-for-all-users-in-office-365%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.michev.info%2FBlog%2FPost%2F1419%2Fforce-password-change-for-all-users-in-office-365%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Jaymz Yates
Occasional Contributor

We are rolling out SSPR and are working through how to manage our new user onboarding. Our users are homed on prem and synced via AAD connect. Since the "force user to change password on first logon" flag in local AD isn't supported for sync, when our users are initially created in Azure, they are not required to change their password when first logging onto an Office 365 app. Does anyone know of a way to default users in Azure so they must change their password upon first login?

2 Replies

Yup, you can easily do this via the Set-MsolUserPassword cmdlet:

Get-MsolUser -All | Set-MsolUserPassword -ForceChangePasswordOnly $true -ForceChangePassword $true

 

 

More examples here: https://www.michev.info/Blog/Post/1419/force-password-change-for-all-users-in-office-365

Thank you for the response. This was my current work around. We will have to setup a runbook in azure automation to trigger on a new user event (assuming that is possible). I was hoping there might be a better configuration based option so that all new users synced from AAD were in this state upon creation.

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
35 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies