The script enables the "Require this user to change their password when they first sign in" option for the user in Microsoft 365. To execute the script, use the "Run a program or PowerShell script" action in a custom command, business rule, or scheduled task configured for the User object type. To connect to Microsoft 365, the script uses the credentials specified in the Run As section of the action settings.
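```powershell
# Get the Microsoft 365 Object ID of the target user.
# The [Guid] cast throws if the property is empty, i.e. the user has no Microsoft 365 account.
try
{
    $objectId = [Guid]$Context.TargetObject.Get("adm-O365ObjectId")
}
catch
{
    $Context.LogMessage("The user %fullname% doesn't have a Microsoft 365 account.", "Warning")
    return
}

# Connect to Microsoft 365 using the credentials from the Run As section of the action settings.
# The password is wrapped in a SecureString right away; do not write it to the log.
$password = ConvertTo-SecureString -AsPlainText -Force -String $Context.RunAs.Password
$credential = New-Object System.Management.Automation.PsCredential($Context.RunAs.UserName, $password)
Connect-MsolService -Credential $credential

# Force a password change at the next sign-in.
# -ForceChangePasswordOnly sets the flag without resetting the current password.
Set-MsolUserPassword -ObjectId $objectId -ForceChangePassword $True -ForceChangePasswordOnly $True
```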