Hello,
I wrote myself a little user management tool using the GraphApi (Microsoft.Azure.ActiveDirectory.GraphClient). If I let the tool sign in with a user that only has the role user assigned,
it cannot create or delete users, but it can assign new passwords to other users with the following code:
    List<IUser> users = await getUsers().ConfigureAwait(false);
    IUser userToModify = users.Find(user => user.UserPrincipalName == CurrentUser.UserPrincipalName);
    userToModify.PasswordProfile = new PasswordProfile
    {
        Password = password,
        ForceChangePasswordNextLogin = false,
    };
    userToModify.PasswordPolicies = "DisablePasswordExpiration, DisableStrongPassword";
    await userToModify.UpdateAsync().ConfigureAwait(false);
Any idea how that can be?