3 Ways to Change User Passwords in Microsoft 365

Resetting or expiring passwords in Microsoft 365 can be a daily chore. Users panic, tickets pile up, and the security team worries about stale credentials and compliance deadlines.

Knowing a few reliable ways to change passwords cuts that pain, keeps data safe, and satisfies auditors. In this guide, you’ll see three proven methods, admin center clicks, Azure AD self-service, and PowerShell commands, broken down step by step.

Table of Contents

• Use Microsoft 365's UI
• Use Torii
• Use Microsoft 365's API

Use Microsoft 365’s UI

Here, you’ll use the Microsoft 365 admin center to reset a user’s password, following the same flow outlined in Microsoft’s “Reset a user password” documentation.

Step 1: Sign in to the admin center

• Go to admin.microsoft.com.
• Enter your global admin (or user management admin) credentials.
• The Microsoft 365 admin center home page opens.

Step 2: Open the Active users list

• In the left rail, pick Users.
• Click Active users.

The table shows every licensed user in your tenant.

Step 3: Select the user

• Find the person who needs a new password. Use the search bar if needed.
• Click the user’s name to open the details pane on the right.

Step 4: Start the password reset

• In the details pane, choose Reset password.
• A pop-up appears with two choices:
• Auto-generate password (Microsoft presents the password one time).
• Let me create the password.

Step 5: Enter or confirm the new password

• If you create the password yourself, type it twice.

Keep it at least eight characters with a mix of letters, numbers, and symbols.

• Leave “Require this user to change their password when they first sign in” checked unless there’s a reason not to.

Step 6: Finish and share the password safely

• Click Reset password.

A confirmation window shows the new password if it was auto-generated.

• Copy the password. Microsoft notes it won’t appear again.
• Send the password to the user in a secure way, never in plain email or chat.

The user can now sign in with the temporary password and create a new one at first log-in, just as Microsoft’s guide describes.

Use Torii

Resetting Microsoft 365 passwords one by one can eat up an admin’s day. Torii, a SaaS management platform, handles the same chore from a single dashboard. With everything in one place, teams can script onboarding, offboarding, subscription reviews, and more without bouncing between apps.

Because Torii lets you automate workflows, the password-change step fires whenever a chosen event occurs. Common triggers include a new hire, a departure, or a contract anniversary. Handing off these repeats frees administrators for work that matters.

Changing a Microsoft 365 password through Torii takes only a few minutes. Follow the steps below and you’ll have the reset running on autopilot.

1. Sign up for Torii

Contact Torii to start a no-cost, two-week proof of concept.

2. Connect your Microsoft 365 account to Torii

Once your Torii workspace is live, connect your Microsoft 365 tenant. Follow these instructions to complete the Microsoft 365 integration.

3. Create a Torii workflow for Microsoft 365

Inside Torii open the Workflows tab, pick your trigger, and add the action to change a Microsoft 365 password. After you save, Torii runs the reset each time the criteria are met.

Use Microsoft 365’s API

Here’s how to swap out a user’s password with only Microsoft Graph calls.

1. Confirm the right permissions

• In Azure Portal, open your app registration.
• Add the delegated or application permission User.ReadWrite.All.
• Grant admin consent so the token can touch passwords.

2. Grab an access token

Use OAuth 2.0 client-credentials (or auth code flow for delegated) to hit the token endpoint.

POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
grant_type=client_credentials
client_id={appId}
client_secret={secret}
scope=https://graph.microsoft.com/.default

The response returns access_token. Copy it.

3. Build the password payload

Build a JSON body with the new password plus an optional sign-in flag.

{
    "passwordProfile": {
        "password": "NewPa55word.23",
        "forceChangePasswordNextSignIn": true
    }
}

4. Send the PATCH request

Aim the request at the specific user’s object ID or UPN.

PATCH https://graph.microsoft.com/v1.0/users/{userId}
Authorization: Bearer {access_token}
Content-Type: application/json
{body from step 3}

A successful call comes back with HTTP 204. No content means it worked.

5. Test the new credentials

Sign in using the updated account yourself, or ask the user instead. If you set forceChangePasswordNextSignIn, they’ll be prompted to pick a fresh password right away.

That’s it. One token, one PATCH, password changed.

Torii for SaaS Management

If tightening your SaaS management approach sits high on your agenda, our team can help.

• Uncover shadow IT: Automated scans flag unsanctioned apps as soon as employees spin them up.
• Cut wasted spend: Reclaim idle licenses and retire overlapping tools before invoices hit, putting real dollars back in your budget.
• Simplify employee moves: Pre-built workflows handle onboarding and offboarding, shaving hours and preventing slip-ups.
• Own every renewal: Early alerts keep contract dates visible, so surprises never land in your inbox.

Torii brings everything together, giving Finance, IT, and Security teams one shared view of every company app.

Discover more at Torii. Our site walks through use cases, pricing, and real customer stories to help you decide quickly.