Self-Service Password Reset Automation Using Power Automate & Graph API – A Game Changer for IT Teams

By Dipak Shaw

April 11, 2025



Resetting a user’s password is a common administrative task that, if automated securely, can greatly reduce IT workload and improve user experience. In this blog post, we’ll walk through a real-world solution to reset user passwords using Microsoft Power Automate, Azure App Registration, Microsoft Graph API, and Dataverse for logging, along with user notification through email.

This solution helps in automating helpdesk operations securely and efficiently—especially in large organizations.

Business Scenario

Imagine an organization where employees frequently forget their passwords and need assistance to reset them. Traditionally, the IT support team would handle these requests manually, consuming valuable time.

To streamline this process:

  • A self-service mechanism is introduced where employees can request password resets.
  • A Power Automate flow validates the request, securely resets the password using Microsoft Graph API, logs the outcome in Dataverse, and notifies the employee.

This not only saves time for IT staff but also enhances the end-user experience.

Prerequisites

To implement this solution, make sure you have the following:

  1. Azure Active Directory App Registration:
    1. Assign Application API permissions: User.ReadWrite.All.
    2. Grant Admin consent to these permissions.
    3. Register a new app in Azure AD.
    4. Assign User Administrator Role to the app.
  2. Client Secret:
    1. Generate and securely store the client secret from Azure App Registration.
  3. Tenant ID and Client ID:
    1. These are required to obtain the Graph API access token.
  4. Power Automate Environment:
    1. Ability to create cloud flows with HTTP and Dataverse connectors.
  5. Microsoft Dataverse Table:
    1. Table: Password Reset Logs with fields:
      • Status (Choice: Success, Failed)
      • Remarks (Text)
      • User Principal Name (Text)
  6. Email Integration or Teams Integration:
    • Email must be set up in Power Platform (Outlook 365 connector or SMTP) to notify users of their new credentials.
    • A Teams connection must be added to notify the user in a Teams chat.

Step-by-Step Guide to Reset User Password using Power Automate

Step 1: Register an App in Azure AD

  1. Go to Azure Portal → App registrations → New registration.
  2. Name the app (e.g., “UserPasswordResetApp”).
  3. Redirect URI can be left blank or set to a placeholder (not needed for client credentials).
  4. Click Register.

Step 2: Configure API Permissions

  1. Navigate to the API permissions tab.
  2. Add permission: Microsoft Graph → Application Permissions → User.ReadWrite.All
  3. Click Grant admin consent for your organization.

Note: Once admin consent has been granted, you should see a green checkmark under the “Status” column, confirming the permissions have been granted successfully.

Step 3: Generate Client Secret

  1. Under the Certificates & secrets tab → Click New client secret.
  2. Copy the value; store it securely (you’ll use this in the flow).

Step 4: Create a Dataverse Table for Logging

  1. In your Power Apps environment, create a Dataverse table named “Password Reset Logs” with the following columns:
    1. Status (Choice: Success, Failed)
    2. Remarks (Text)
    3. User Principal Name (Text)

Step 5: Create the Flow in Power Automate

Create an automated cloud flow triggered manually or via Power Apps, or by an HTTP request.

Step 5.1: Trigger the flow

  • Choose a trigger: Manual button, Power Apps trigger, or HTTP request trigger.
  • Input parameter: User Principal Name (UPN) of the user to reset.

Step 5.2: Get Access Token

Use HTTP Action with the following configuration:

  • Method: POST
  • URI: https://login.microsoftonline.com/{TenantId}/oauth2/v2.0/token
  • Headers: Content-Type: application/x-www-form-urlencoded
  • Body: client_id={ClientId}&client_secret={ClientSecret}&scope=https://graph.microsoft.com/.default&grant_type=client_credentials

Note: Parse the returned access token using Parse JSON action.

Step 5.3: Retrieve User Details

Use another HTTP Action with the following configuration:

  • Method: GET
  • URI: https://graph.microsoft.com/v1.0/users/{UPN From Input}
  • Headers: Authorization: Bearer {Access Token from Previous Step}

Note: Parse the returned user details using Parse JSON action.

Step 5.4: Reset the Password using Graph API

Use another HTTP Action with the following configuration:

  • Method: PATCH
  • URI: https://graph.microsoft.com/v1.0/users/{UPN From Input}
  • Headers:
    • Authorization: Bearer {Access Token from Previous Step}
    • Content-Type: application/json
  • Body:
{
  "passwordProfile": {
    "password": "<Random Generated Password>",
    "forceChangePasswordNextSignIn": true
  }
}
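The Step 5.4 request, as an added Python example (not part of the original flow): it validates the UPN before it is placed in the Graph URI, generates the password from a cryptographic random source, and produces a redacted copy for logging. The UPN pattern, the symbol set, and the helper names are assumptions; nothing is sent over the network.

```python
import json
import re
import secrets
import string
from urllib.parse import quote

GRAPH_USERS = "https://graph.microsoft.com/v1.0/users/"
# Conservative UPN shape (an assumption; tighten it to your tenant's domains).
UPN_RE = re.compile(r"[A-Za-z0-9._'-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, "!@#$%^&*-_=+")


def validate_upn(upn):
    """Reject anything that is not a plain UPN before it is placed in the URI."""
    upn = upn.strip()
    if not UPN_RE.fullmatch(upn):
        raise ValueError("not a valid user principal name")
    return upn


def generate_password(length=16):
    """Password from the OS CSPRNG with at least one character of each class."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    chars = [secrets.choice(c) for c in CLASSES]
    chars += [secrets.choice("".join(CLASSES)) for _ in range(length - len(CLASSES))]
    secrets.SystemRandom().shuffle(chars)  # do not leave the classes in fixed positions
    return "".join(chars)


def build_reset_request(upn, access_token):
    """Method, URI, headers and body of the Step 5.4 PATCH call (nothing is sent)."""
    body = {"passwordProfile": {"password": generate_password(),
                                "forceChangePasswordNextSignIn": True}}
    return {"method": "PATCH",
            "uri": GRAPH_USERS + quote(validate_upn(upn), safe="@"),
            "headers": {"Authorization": "Bearer " + access_token,
                        "Content-Type": "application/json"},
            "body": json.dumps(body)}


def redact(request):
    """Copy of the request that is safe for run history or the Remarks column."""
    body = json.loads(request["body"])
    body["passwordProfile"]["password"] = "***"
    headers = dict(request["headers"], Authorization="Bearer ***")
    return dict(request, headers=headers, body=json.dumps(body))
```

In the flow itself, the same effect comes from validating the trigger input before the HTTP actions and keeping the token and password out of anything written to Dataverse.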

Step 5.5: Log Status to Dataverse

Use the Add a new row action:

  • Table Name: Password Reset Logs
  • Fields:
    • User Principal Name [Required]
    • Remarks [Optional]
    • Status (Failed/Success) [Optional]

Note: Use Scope actions for logging steps and configure Run After settings. If the password reset step fails, run the Log Failure scope. If it succeeds and the failure log is skipped, run the Log Success scope. This ensures accurate status logging in Dataverse.

Step 5.6: Notify the User

We can notify the user using either of the actions below:

A. Use “Send an Email (V2)” from Office 365 Outlook:

  • TO: mail (from User Details Parse JSON action)
  • Subject: Password Reset Status
  • Body: <Response Message Variable>

B. Use “Post message in a chat or channel” from Microsoft Teams:

  • Post as: Flow Bot
  • Post in: Chat with flow bot
  • Recipient: mail (from User Details Parse JSON action)
  • Message: <Response Message Variable>

Troubleshooting & Common Pitfalls

  • Issue: 403 Forbidden during PATCH. Resolution: Ensure admin consent is granted for User.ReadWrite.All and the app has User Administrator Role assigned in Microsoft Entra ID.
  • Issue: Access Token is null. Resolution: Check client secret and tenant ID inputs.
  • Issue: Password policy failure. Resolution: Ensure password meets complexity requirements.
  • Issue: Log not updating. Resolution: Check Dataverse table permissions or schema.

Security Considerations

  • Always protect client secrets and tokens using Azure Key Vault.
  • Avoid storing passwords in plain text; if a password must be stored, encrypt or mask it.
  • Use role-based access to restrict who can trigger password resets.
  • Consider audit logging and alerting for failed attempts.
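
One way to alert on failed attempts, as an added Python example that is not part of the original post: it scans rows shaped like the Password Reset Logs table and flags accounts with repeated Failed rows inside a sliding time window. The rows are constructed sample data, and the created_on timestamp, the threshold, and the window are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows. "upn", "status" and "remarks" mirror the table's columns;
# "created_on" is an assumed row-creation timestamp, not a column the post lists.
ROWS = [
    {"upn": "alice@contoso.com", "status": "Failed", "remarks": "403", "created_on": "2025-04-11T09:00:00"},
    {"upn": "Alice@contoso.com", "status": "Failed", "remarks": "403", "created_on": "2025-04-11T09:02:00"},
    {"upn": "alice@contoso.com", "status": "Failed", "remarks": "policy", "created_on": "2025-04-11T09:05:00"},
    {"upn": "bob@contoso.com", "status": "Failed", "remarks": "policy", "created_on": "2025-04-11T09:01:00"},
    {"upn": "bob@contoso.com", "status": "Success", "remarks": "", "created_on": "2025-04-11T09:03:00"},
    {"upn": "carol@contoso.com", "status": "Failed", "remarks": "403", "created_on": "2025-04-11T09:00:00"},
    {"upn": "carol@contoso.com", "status": "Failed", "remarks": "403", "created_on": "2025-04-11T09:30:00"},
    {"upn": "carol@contoso.com", "status": "Failed", "remarks": "403", "created_on": "2025-04-11T10:00:00"},
]


def failed_reset_alerts(rows, threshold=3, window=timedelta(minutes=10)):
    """Map each UPN to its peak number of Failed rows within any one window,
    keeping only the accounts that reach the threshold."""
    failures = defaultdict(list)
    for row in rows:
        if row["status"] == "Failed":
            # UPNs are compared case-insensitively so variants count together.
            failures[row["upn"].lower()].append(datetime.fromisoformat(row["created_on"]))
    alerts = {}
    for upn, times in failures.items():
        times.sort()
        start = peak = 0
        for end, stamp in enumerate(times):
            while stamp - times[start] > window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[upn] = peak
    return alerts


if __name__ == "__main__":
    print(failed_reset_alerts(ROWS))
```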

Conclusion

Automating user password resets using Power Automate and Microsoft Graph API is a powerful capability that brings efficiency, security, and better user experience to your organization. By integrating this with Dataverse logging and email notifications, you ensure traceability, transparency, and quick response.

Implement this solution today to reduce IT overhead and empower your users with seamless password management.

Have any questions or ideas to improve this further? Drop them in the comments! 🔐

Happy Automating!


About the Author

A Consultant, Solution Architect & Full-Stack Developer on a mission to automate the boring, simplify the complex, and supercharge business with low-code, AI, and cloud innovation.

With 7+ years of experience, I specialize in building smart apps, AI-driven automation, and seamless cloud integrations using Power Apps, Power Automate, SharePoint, Dataverse, Microsoft 365, Azure, and Copilot Studio.

From workflow automation to digital transformation—I turn ideas into scalable, impactful solutions. 💡

Dipak Shaw
