Hello, since a few days users are not able to change their password via OWA if the option "User must change password at next login" is enabled. The error that comes up is "Forbidden You don't have permission to access this resource."
Users who do not need to change their password at the first login can log in to OWA and then successfully change their password.
This means the option to change the password is basically available.
We are using Exchange 2016 build 15.01.2507.021 on Server 2012 R2.
For testing, I logged into the Exchange server directly with my admin account. In the browser, OWA was then logged in with the user's credentials. In that case, the password change is possible at the first login. So something seems to be blocked when communicating with the normal clients.