Set Force a user to change password on next logon via Powershell
I have created a script to try and change the user setting 'force password change at next login'. I wish to do this without having to change their password. I have tried both user authentication (using a global admin account) and application authentication (via Client Secret). When I run the script in either authentication context I get access denied when it comes to updating the user. The script was to read in a csv file and do this but I have simplified a script to the following to show the basic concept of the commands I am trying to run and the authentication process. $secureSecret = ConvertTo-SecureString "xxxxxxxxxxxxxxxxx" -AsPlainText -Force $credential = New-Object PSCredential("xxxxxxxxxxxxxxxxxxxxx", $secureSecret) Connect-MgGraph -TenantId "xxxxxxxxxxxxxxxs" -ClientSecretCredential $credential Get-MgUser -UserId "email address removed for privacy reasons" -Property "userPrincipalName,userType,onPremisesSyncEnabled" Update-MgUser -UserId "email address removed for privacy reasons" -PasswordProfile @{ForceChangePasswordNextSignIn = $true} In the application I have created I have assigned the permissions I believe would be required to support this action (I added Directory.ReadWrite.All, just in case) The read user works fine but I get the error below when trying to update Update-MgUser_UpdateExpanded: Insufficient privileges to complete the operation. Status: 403 (Forbidden) ErrorCode: Authorization_RequestDenied Date: 2025-10-15T13:36:46 I have tried this is two different 365 tenants but both fail with the same error. The tenant is a cloud only with no synchronisation from on-premise. I have tried many iterations but have reached the dead end point. Is it possible to force a password reset via a PowerShell script and if so what am I doing wrong with my permissions? TIA
Not able to logon office 365 account or change it
If I want to logon to my Office 365 account I have to enter my emailaddress. Its is an @.onmicrosoft.com account. Entering password is ok, but then I am have to verify my phone number. The last two digits are shown, but clicking on this phone number I am getting an error like: 399287. There is no way of resetting this. I already contacted helpdesk but they cannot solve this problem. I have a bussniess account and I need some help about this. Every time I want to reset or want to make a change the account I am stuck in this error screen (endless loop). Please help me.
Problem restoring deleted user with mggraph
Hello, I have done a few 365 migration and almost everytime there are some user data that has been missed in the migration. Earlier I solved this by restoring the 365 user in the source tenant to another domain using this msol script in powershell: Restore-MsolUser -UserPrincipalName email address removed for privacy reasons -Verbose Restore-MsolUser -UserPrincipalName email address removed for privacy reasons -Verbose -AutoReconcileProxyConflicts Restore-MsolUser -UserPrincipalName email address removed for privacy reasons -Verbose -AutoReconcileProxyConflicts -NewUserPrincipalName email address removed for privacy reasons I know it is not perfect but it worked well and saved a bunch of times. I have now done another migration now and got the same issue so I need to restore the users so we can access the data again and move it. BUT! I realized today that msol service is no more, so I am kinda stuck with figuring this out in mggraph. I have tried for a few hours now and I am not sure if this even possible with mggraph. Whenever I try to build a script using Restore-MgDirectoryDeletedUser/Item which google, copilote etc tells me to use I only get this error: The term 'Restore-MgDirectoryDeletedUser/item' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. Or I get that it "works" but that the proxy/domain conflicts: Errors detected while trying to restore the user restoreUserErrors: ErrorValue:<pii><pii>E*****.E*******</pii>@domain.com</pii> ObjectType: ConflictingObjectId:, ErrorType:UserPrincipalName, ErrorId:InvalidDomainErrorValue:<pii>smtp:<pii>ee</pii>@domain.com</pii> ObjectType: ConflictingObjectId:, ErrorType:ProxyAddress, ErrorId:InvalidDomain Status: 400 (BadRequest) ErrorCode: Request_BadRequest Date: 2025-09-08T13:49:36 Since I do not have the first domain in the source tenant anymore I need to restore the user to a different domain. Does anyone have any idea on how I can recreate the msol version to mggraph? I feel like I have tried everything to my knowledge now so hopefully anyone here can give me help or tips. Thanks! /AdamPeople Settings Appear in the Microsoft 365 Admin Center
The Org Settings section of the Microsoft 365 admin center has a new People Settings section where you can choose properties for the Microsoft 365 profile card instead of using PowerShell. The kicker is that the old method of using Exchange custom properties to customize what appears on the profile card is being replaced with standard Entra ID properties. A migration is needed, and it’s easily done with PowerShell. https://office365itpros.com/2025/09/04/microsoft-365-profile-card-2/Develop Custom Engine Agent to Microsoft 365 Copilot Chat with pro-code
There are some great articles that explain how to integrate an MCP server built on Azure with a declarative agent created using Microsoft Copilot Studio. These approaches aim to extend the agent’s capabilities by supplying it with tools, rather than defining a fixed role. Here were some of the challenges w encountered: The agent's behavior can only be tested through the Copilot Studio web interface, which isn't ideal for iterative development. You don’t have control over which LLM is used as the orchestrator—for example, there's no way to specify GPT-4o. The agent's responses don’t always behave the same as they would if you were prompting the LLM directly. These limitations got me thinking: why not build the entire agent myself? At the same time, I still wanted to take advantage of the familiar Microsoft 365 Copilot interface on the frontend. As I explored further, I discovered that the Microsoft 365 Copilot SDK makes it possible to bring in your own custom-built agent.Entra ID Allows People to Update their User Principal Names
Entra ID allows unprivileged users to update the user principal name for their accounts via the admin center or PowerShell. It seems silly because no justification for allowing people to update such a fundamental property is evident. Perhaps Microsoft has some excellent logic for allowing such updates to occur, but blocking access seems like the right thing to do. https://office365itpros.com/2025/01/24/update-user-principal-names/AZ-500: Microsoft Azure Security Technologies Study Guide
The AZ-500 certification provides professionals with the skills and knowledge needed to secure Azure infrastructure, services, and data. The exam covers identity and access management, data protection, platform security, and governance in Azure. Learners can prepare for the exam with Microsoft's self-paced curriculum, instructor-led course, and documentation. The certification measures the learner’s knowledge of managing, monitoring, and implementing security for resources in Azure, multi-cloud, and hybrid environments. Azure Firewall, Key Vault, and Azure Active Directory are some of the topics covered in the exam.Superfast using Web App and Managed Identity to invoke Function App triggers
TOC Introduction Setup References 1. Introduction Many enterprises prefer not to use App Keys to invoke Function App triggers, as they are concerned that these fixed strings might be exposed. This method allows you to invoke Function App triggers using Managed Identity for enhanced security. I will provide examples in both Bash and Node.js. 2. Setup 1. Create a Linux Python 3.11 Function App 1.1. Configure Authentication to block unauthenticated callers while allowing the Web App’s Managed Identity to authenticate. Identity Provider Microsoft Choose a tenant for your application and it's users Workforce Configuration App registration type Create Name [automatically generated] Client Secret expiration [fit-in your business purpose] Supported Account Type Any Microsoft Entra Directory - Multi-Tenant Client application requirement Allow requests from any application Identity requirement Allow requests from any identity Tenant requirement Use default restrictions based on issuer Token store [checked] 1.2. Create an anonymous trigger. Since your app is already protected by App Registration, additional Function App-level protection is unnecessary; otherwise, you will need a Function Key to trigger it. 1.3. Once the Function App is configured, try accessing the endpoint directly—you should receive a 401 Unauthorized error, confirming that triggers cannot be accessed without proper Managed Identity authorization. 1.4. After making these changes, wait 10 minutes for the settings to take effect. 2. Create a Linux Node.js 20 Web App and Obtain an Access Token and Invoke the Function App Trigger Using Web App (Bash Example) 2.1. Enable System Assigned Managed Identity in the Web App settings. 2.2. Open Kudu SSH Console for the Web App. 2.3. Run the following commands, making the necessary modifications: subscriptionsID → Replace with your Subscription ID. resourceGroupsID → Replace with your Resource Group ID. application_id_uri → Replace with the Application ID URI from your Function App’s App Registration. https://az-9640-faapp.azurewebsites.net/api/test_trigger → Replace with the corresponding Function App trigger URL. # Please setup the target resource to yours subscriptionsID="01d39075-XXXX-XXXX-XXXX-XXXXXXXXXXXX" resourceGroupsID="XXXX" # Variable Setting (No need to change) identityEndpoint="$IDENTITY_ENDPOINT" identityHeader="$IDENTITY_HEADER" application_id_uri="api://9c0012ad-XXXX-XXXX-XXXX-XXXXXXXXXXXX" # Install necessary tool apt install -y jq # Get Access Token tokenUri="${identityEndpoint}?resource=${application_id_uri}&api-version=2019-08-01" accessToken=$(curl -s -H "Metadata: true" -H "X-IDENTITY-HEADER: $identityHeader" "$tokenUri" | jq -r '.access_token') echo "Access Token: $accessToken" # Run Trigger response=$(curl -s -o response.json -w "%{http_code}" -X GET "https://az-9640-myfa.azurewebsites.net/api/my_test_trigger" -H "Authorization: Bearer $accessToken") echo "HTTP Status Code: $response" echo "Response Body:" cat response.json 2.4. If everything is set up correctly, you should see a successful invocation result. 3. Invoke the Function App Trigger Using Web App (nodejs Example) I have also provide my example, which you can modify accordingly and save it to /home/site/wwwroot/callFunctionApp.js and run it cd /home/site/wwwroot/ vi callFunctionApp.js npm init -y npm install azure/identity axios node callFunctionApp.js // callFunctionApp.js const { DefaultAzureCredential } = require("@azure/identity"); const axios = require("axios"); async function callFunctionApp() { try { const applicationIdUri = "api://9c0012ad-XXXX-XXXX-XXXX-XXXXXXXXXXXX"; // Change here const credential = new DefaultAzureCredential(); console.log("Requesting token..."); const tokenResponse = await credential.getToken(applicationIdUri); if (!tokenResponse || !tokenResponse.token) { throw new Error("Failed to acquire access token"); } const accessToken = tokenResponse.token; console.log("Token acquired:", accessToken); const apiUrl = "https://az-9640-myfa.azurewebsites.net/api/my_test_trigger"; // Change here console.log("Calling the API now..."); const response = await axios.get(apiUrl, { headers: { Authorization: `Bearer ${accessToken}`, }, }); console.log("HTTP Status Code:", response.status); console.log("Response Body:", response.data); } catch (error) { console.error("Failed to call the function", error.response ? error.response.data : error.message); } } callFunctionApp(); Below is my execution result: 3. References Tutorial: Managed Identity to Invoke Azure Functions | Microsoft Learn How to Invoke Azure Function App with Managed Identity | by Krizzia 🤖 | Medium Configure Microsoft Entra authentication - Azure App Service | Microsoft Learn
1000 Free Udemy Coupons on Microsoft Power Automate With AI Builder
<<BAKRI ID(Id-ul-Ad'ha) -- 1000 FREE UDEMY COUPONS ON RPA>> On the Occasion of BAKRI ID(Id-ul-Ad'ha), I am very happy to share 1000 Free udemy coupons on Microsoft Power Automate With AI Builder Title : Advanced RPA - Microsoft Power Automate With AI Builder https://www.udemy.com/course/microsoft-power-automate-with-ai-builder/?couponCode=LT-BAKRID <<Our other courses on Udemy and Udemy Business>> Title : PL-500 Microsoft Power Automate RPA Developer BootCamp Link: https://www.udemy.com/course/pl-500-microsoft-power-automate-rpa-developer-bootcamp/?referralCode=891491BAB7F20B865EE6 Title 1: Become RPA Master in MS Power Automate Desktop https://www.udemy.com/course/microsoft-power-automate-desktop-tutorials-for-beginners/?referralCode=03D49B549EE2193E79EE Title 2: RPA : Microsoft Power Automate Desktop - Zero to Expert : 2 https://www.udemy.com/course/microsoft-power-automate-desktop-course-zero-to-expert-2/?referralCode=783F39A1D0CDB4A70A7C Title 3: RPA:Microsoft Power Automate Desktop:Intelligent Automation https://www.udemy.com/course/power-automate-desktop-course-intelligent-automation/?referralCode=E8C51F3C27EA98FE100C Connect with me on LinkedIn : https://www.linkedin.com/in/ameer-basha-p-b44880262/ Youtube Channel : www.youtube.com/learningtechnologies
