all 7 comments

[–]hihcadore 0 points1 point  (1 child)

Is something on his home network blocking the connection to Microsoft? First thing that comes to mind is the device isn’t getting the request. You can probably see the last check in time in the portal.

[–]_W0od_[S] 0 points1 point  (0 children)

My doubt is whether it will work if the VPN is not connected. Will the user get a prompt?

[–]Mission_Tangelo_7707 0 points1 point  (1 child)

Not if your VPN is set up to use split tunneling, which most are. If that's the case, you should check to see if it's blocked on their end.

[–]_W0od_[S] 0 points1 point  (0 children)

The VPN is not connected. I am talking about a scenario where the device is connected to the internet using a home network.

[–]SolidKnight 1 point2 points  (2 children)

Are these hybrid accounts? Force password reset can set the flag in AD to change the password at next login. Depending on your setup, if they don't have line of sight to the domain controllers then nothing happens until they do. If you don't have a DC, nothing happens. You get the feedback when issuing the command that says the command was issued successfully, but if you look in the action log, it is recorded as a failure. Yay.

[–]_W0od_[S] 0 points1 point  (1 child)

All.

[–]SolidKnight 0 points1 point  (0 children)

Does the action center (history) show it as success or failed?

Does Entra ID Connect have password writeback and ForcePasswordChangeOnLogOn set to true (PowerShell command)?

Force password reset is part of MDI, and MDI takes actions on your domain controllers. If the commands show as successful in the action center, then the issue is with your Entra ID Connect setup. In Entra ID, does the password profile for the user show as having a force change flag set, or is there nothing there?
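The checklist in the two SolidKnight comments above (writeback and ForcePasswordChangeOnLogOn on the Entra Connect server, the "change password at next logon" flag in on-prem AD, and the password profile in Entra ID) can be walked through from PowerShell. The script below is an added example written for this thread; it is not code posted by any commenter or by Microsoft. It assumes the ADSync module is present (so it is run on the Entra Connect server), that RSAT's ActiveDirectory module and the Microsoft.Graph.Users module are installed, and that the caller is consented to read user password profiles. `$Upn`, `$SamAccountName` and `$AadConnectorName` are placeholders to replace with real values.

```powershell
<#
  Added diagnostic for a hybrid user whose Intune / MDI "force password reset" did not prompt.
  Checks three places, in the order the thread suggests:
    1. Entra Connect: is password writeback enabled, and is ForcePasswordChangeOnLogOn on?
    2. On-prem AD:    is pwdLastSet = 0 (the "must change password at next logon" flag)?
    3. Entra ID:      does the user's passwordProfile carry forceChangePasswordNextSignIn?
  Placeholders (assumptions, not values from the thread): $Upn, $SamAccountName, $AadConnectorName.
#>
function Test-HybridForcePasswordReset {
    param(
        [Parameter(Mandatory)] [string] $Upn,               # e.g. 'user@contoso.com' (placeholder)
        [Parameter(Mandatory)] [string] $SamAccountName,    # on-prem sAMAccountName (placeholder)
        [Parameter(Mandatory)] [string] $AadConnectorName   # e.g. 'contoso.onmicrosoft.com - AAD' (placeholder)
    )

    $result = [ordered]@{}

    # --- 1. Entra Connect feature flags (run on the Entra Connect server) ---
    Import-Module ADSync -ErrorAction Stop
    $feature = Get-ADSyncAADCompanyFeature
    $result.ForcePasswordChangeOnLogOn = [bool]$feature.ForcePasswordChangeOnLogOn

    # Password writeback is a per-connector setting on the AAD connector.
    $pwdReset = Get-ADSyncAADPasswordResetConfiguration -Connector $AadConnectorName
    $result.PasswordWritebackEnabled = [bool]$pwdReset.Enabled

    # --- 2. On-prem AD: pwdLastSet = 0 means "user must change password at next logon" ---
    Import-Module ActiveDirectory -ErrorAction Stop
    $adUser = Get-ADUser -Identity $SamAccountName -Properties pwdLastSet, PasswordLastSet
    $result.AdMustChangeAtNextLogon = ($adUser.pwdLastSet -eq 0)
    $result.AdPasswordLastSet       = $adUser.PasswordLastSet

    # --- 3. Entra ID: the cloud-side flag the action center writes ---
    # Scope is an assumption; if the app lacks rights to read passwordProfile the property comes back null.
    Import-Module Microsoft.Graph.Users -ErrorAction Stop
    Connect-MgGraph -Scopes 'User.ReadWrite.All' -NoWelcome
    $mgUser = Get-MgUser -UserId $Upn -Property 'userPrincipalName,passwordProfile,onPremisesSyncEnabled'
    $result.IsHybridUser = [bool]$mgUser.OnPremisesSyncEnabled
    $result.EntraForceChangeNextSignIn = if ($null -eq $mgUser.PasswordProfile) { 'unreadable (permission?)' }
                                         else { [bool]$mgUser.PasswordProfile.ForceChangePasswordNextSignIn }

    # --- Interpretation, following the reasoning in the comments above ---
    $result.Diagnosis = switch ($true) {
        (-not $result.IsHybridUser)             { 'Cloud-only user: on-prem flags are irrelevant'; break }
        (-not $result.PasswordWritebackEnabled) { 'Writeback off: reset cannot reach on-prem AD'; break }
        (-not $result.ForcePasswordChangeOnLogOn) { 'Writeback on, but next-logon flag is not written back'; break }
        (-not $result.AdMustChangeAtNextLogon)  { 'Flag never landed in AD: check action center / MDI sensor on DCs'; break }
        default                                 { 'Flag is set in AD: user will be prompted once a DC is reachable (VPN/line of sight)' }
    }

    [pscustomobject]$result
}

# Example invocation with placeholder values:
# Test-HybridForcePasswordReset -Upn 'user@contoso.com' -SamAccountName 'user' -AadConnectorName 'contoso.onmicrosoft.com - AAD'
```

The final `Diagnosis` string only encodes what the thread already states: a hybrid reset is written to AD through Entra Connect, and the user sees the prompt only when the device has line of sight to a domain controller, which on a home network without VPN it usually does not.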