microsoft-graph-api microsoft-entra-external-id

Why must "force_change_password_next_sign_in" be set to false for MS External ID Local Accounts?


See: https://learn.microsoft.com/en-us/graph/api/user-post-users?view=graph-rest-beta&tabs=http#example-3-create-a-customer-account-in-external-tenants

For local account identities, password expirations must be disabled, and force change password at next sign-in must also be disabled.

Why is force_change_password_next_sign_in required to be false? Surely a common scenario is to create a local account with a default password, then force that password to be changed on login?


Solution

  • I queried this with Microsoft support and got a response a few days later. Setting it to false is a best practice thing to reduce password resets and such. Not a technical limitation, at least in External ID B2B.
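A pre-flight check of a Graph "create user" request body against the two documented conditions quoted in the question, as an added example that is not part of the original post or Microsoft's code. The function name `local_account_findings` and the sample bodies (tenant domain, e-mail address, placeholder passwords) are constructed for illustration; `forceChangePasswordNextSignIn` is the JSON property behind the `force_change_password_next_sign_in` setting asked about.

```python
# Added example: compare a Graph "create user" JSON body with the two
# documented conditions for local account identities.
LOCAL_SIGN_IN_TYPES = {"emailAddress", "userName"}  # "federated" is not a local account


def local_account_findings(user):
    """Return the deviations from the documented local-account settings."""
    identities = user.get("identities") or []
    if not any(i.get("signInType") in LOCAL_SIGN_IN_TYPES for i in identities):
        return []  # no local identity, so the quoted requirement does not apply

    findings = []
    profile = user.get("passwordProfile") or {}
    # Flag anything other than an explicit JSON false, including an omitted key.
    if profile.get("forceChangePasswordNextSignIn") is not False:
        findings.append("passwordProfile.forceChangePasswordNextSignIn is not explicitly false")

    # passwordPolicies is one string; several values are comma-separated.
    policies = {p.strip() for p in (user.get("passwordPolicies") or "").split(",")}
    if "DisablePasswordExpiration" not in policies:
        findings.append("passwordPolicies does not include DisablePasswordExpiration")
    return findings


def _local_identity():
    # Constructed identity for a local e-mail account in a sample tenant.
    return {"signInType": "emailAddress",
            "issuer": "contoso.onmicrosoft.com",
            "issuerAssignedId": "adele@example.com"}


# Constructed sample bodies (placeholder passwords, not real credentials).
COMPLIANT = {
    "displayName": "Adele Example",
    "identities": [_local_identity()],
    "passwordProfile": {"password": "<placeholder>", "forceChangePasswordNextSignIn": False},
    "passwordPolicies": "DisablePasswordExpiration, DisableStrongPassword",
}
DEFAULT_PASSWORD_FLOW = {  # the scenario described in the question
    "displayName": "Adele Example",
    "identities": [_local_identity()],
    "passwordProfile": {"password": "<placeholder>", "forceChangePasswordNextSignIn": True},
}
FEDERATED_ONLY = {
    "identities": [{"signInType": "federated", "issuer": "facebook.com",
                    "issuerAssignedId": "0000000000"}],
}

if __name__ == "__main__":
    for name in ("COMPLIANT", "DEFAULT_PASSWORD_FLOW", "FEDERATED_ONLY"):
        print(name, local_account_findings(globals()[name]))
```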