Onboarding new users and forcing them to change their password on first logon in AAD.


We are rolling out SSPR and are working through how to manage our new user onboarding. Our users are homed on-prem and synced via AAD Connect. Since the "force user to change password on first logon" flag in local AD isn't supported for sync, when our users are initially created in Azure, they are not required to change their password when first logging onto an Office 365 app. Does anyone know of a way to default users in Azure so they must change their password upon first login?

2 Replies

Yup, you can easily do this via the Set-MsolUserPassword cmdlet:

Get-MsolUser -All | Set-MsolUserPassword -ForceChangePasswordOnly $true -ForceChangePassword $true

More examples here: https://www.michev.info/Blog/Post/1419/force-password-change-for-all-users-in-office-365

Thank you for the response. This was my current workaround. We will have to set up a runbook in Azure Automation to trigger on a new user event (assuming that is possible). I was hoping there might be a better configuration-based option so that all new users synced from AAD were in this state upon creation.
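An added example, not code from either reply, showing how the Set-MsolUserPassword approach from the first reply can be scoped to only newly synced users so the scheduled Azure Automation runbook from the follow-up does not re-flag existing accounts. It assumes the MSOnline module and an already-established Connect-MsolService session; the state file path and the 24-hour lookback are placeholder assumptions.

```powershell
# Added example (not from the thread). Flags recently synced users for a forced
# password change at next sign-in, skipping users already processed on a previous
# run. Assumes Connect-MsolService has already been called in this session.
# Note: the MSOnline module is deprecated; the equivalent property in Microsoft
# Graph is PasswordProfile.ForceChangePasswordNextSignIn on the user object.
param(
    [int]$LookbackHours = 24,                       # assumed window for "new" users
    [string]$StateFile = 'C:\placeholder\flagged-users.txt',  # placeholder path
    [switch]$Apply                                  # without -Apply, report only
)

$cutoff = (Get-Date).AddHours(-$LookbackHours)

# UPNs flagged by earlier runs, so a user who already changed their password
# inside the lookback window is not forced to change it a second time.
$alreadyFlagged = @()
if (Test-Path $StateFile) { $alreadyFlagged = Get-Content $StateFile }

# Candidates: synced from on-prem (LastDirSyncTime is set), created inside the
# window, not sign-in blocked, and not handled by a previous run.
$newSyncedUsers = Get-MsolUser -All | Where-Object {
    $null -ne $_.LastDirSyncTime -and
    $_.WhenCreated -ge $cutoff -and
    -not $_.BlockCredential -and
    $alreadyFlagged -notcontains $_.UserPrincipalName
}

foreach ($user in $newSyncedUsers) {
    if ($Apply) {
        # -ForceChangePasswordOnly leaves the synced password untouched and only
        # sets the "must change at next sign-in" flag, as in the reply above.
        Set-MsolUserPassword -UserPrincipalName $user.UserPrincipalName `
            -ForceChangePasswordOnly $true -ForceChangePassword $true | Out-Null
        Add-Content -Path $StateFile -Value $user.UserPrincipalName
        Write-Output "Flagged $($user.UserPrincipalName) (created $($user.WhenCreated))"
    } else {
        Write-Output "Would flag $($user.UserPrincipalName) (created $($user.WhenCreated))"
    }
}
```

Run it once without -Apply to confirm the candidate list matches the accounts you expect before scheduling it with -Apply.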