Adam Cushing Blog: MSGraph- Force Password Change at Next Login / Revoke Token (Log them out)

To force user to change at next login and log them out.

Install-Module Microsoft.Graph.Users -Scope AllUsers -Force
Install-Module Microsoft.Graph.Users.Actions -Scope AllUsers -Force

Import-Module Microsoft.Graph.Users

Import-Module Microsoft.Graph.Users.Actions

Connect-MgGraph -Scopes "User.ReadWrite.All", "Directory.AccessAsUser.All"

$email = "user@domain.com"

# Force password change at next login
Update-MgUser -UserId $email -PasswordProfile @{ ForceChangePasswordNextSignIn = $true }

# Confirm it's flagged
Get-MgUser -UserId $email -Property PasswordProfile | Select-Object UserPrincipalName, @{Name="ForceChange";Expression={$_.PasswordProfile.ForceChangePasswordNextSignIn}}

# Revoke sign-in sessions (log them out of everything)
Revoke-MgUserSignInSession -UserId $email

Adam Cushing Blog

Wednesday, June 11, 2025

MSGraph- Force Password Change at Next Login / Revoke Token (Log them out)

No comments:

Post a Comment