azure-ad-b2cazure-ad-b2c-custom-policy

Did B2C user creation defaults change regarding password reset?


I have a site where external users sign in using a B2C tenant with custom policies. The site has been up and running for a few years without issue. Recently users newly created in the Azure portal UI aren't able to login using the initial password. They just get the "Your password has expired" error message on the login screen.

If I create a new B2C user via the graph API and set forceChangePasswordNextSignIn=false, the user is able to sign in as expected.

Can anyone confirm that the B2C user creation behavior in the Azure portal has changed? Is it possible to change it back somehow?


Solution

  • Microsoft released a fix and I can confirmed that it's working as usual again.