Hello Travis Hawk,
Thank you for posting in the Q&A forum.
To find the logging related to the forceChangePasswordNextSignIn property, you need to check the audit logs for Azure Active Directory (AAD). Here are the steps to find the relevant logs:
- Log in to the Azure portal.
- Navigate to Azure Active Directory.
- In the Azure Active Directory menu, select Activity > Audit logs.
- In the audit log search filter, you can filter by:
  - Time range: Select the date and time period associated with the password reset.
  - User: Enter the name of the affected user account.
  - Action Category: Find actions related to password changes or password policies, such as those under the User Management or Password Management categories.
- Pay special attention to events with event ID 4724, which indicates that the password has been set so that it must be changed the next time you log in. In the event details, if you see information about forceChangePasswordNextSignIn, it usually means that the property is set to True.
You mentioned that the time limit for password changes is set at 365 days. This setting is created based on your account, not every time you reset your password. So, even if you change your password multiple times, the setting will remain the same until you reach the 365-day limit.
I hope the information above is helpful.
If you have any questions or concerns, please feel free to let us know.
Best Regards,
Yanhong Liu
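
The same time range, user and category filters can be applied offline to an exported copy of the audit log. The following is an added example, not part of the answer above and not Microsoft's code. It assumes records shaped like Microsoft Graph `directoryAudit` objects; the sample records, the `ForceChangePassword` property name and the function names are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample export. Field names follow the Microsoft Graph directoryAudit
# resource; the "ForceChangePassword" property name and all values are assumptions.
SAMPLE = json.loads("""[
 {"activityDateTime": "2024-03-01T10:15:00Z", "category": "UserManagement",
  "activityDisplayName": "Reset user password",
  "targetResources": [{"userPrincipalName": "alice@example.com", "modifiedProperties": []}]},
 {"activityDateTime": "2024-03-01T10:15:01Z", "category": "UserManagement",
  "activityDisplayName": "Update user",
  "targetResources": [{"userPrincipalName": "alice@example.com", "modifiedProperties": [
    {"displayName": "ForceChangePassword", "oldValue": "[false]", "newValue": "[true]"}]}]},
 {"activityDateTime": "2024-03-01T11:00:00Z", "category": "GroupManagement",
  "activityDisplayName": "Add member to group",
  "targetResources": [{"userPrincipalName": "alice@example.com", "modifiedProperties": []}]},
 {"activityDateTime": "2024-03-01T12:00:00Z", "category": "UserManagement",
  "activityDisplayName": "Reset user password",
  "targetResources": [{"userPrincipalName": "bob@example.com", "modifiedProperties": []}]}
]""")

def parse_ts(value):
    # Audit timestamps are UTC with a trailing "Z"; make them timezone-aware.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def find_password_events(records, upn, start, end, categories=("UserManagement",)):
    """Return (time, activity, password-related modified properties) for one user."""
    hits = []
    for rec in records:
        if not start <= parse_ts(rec["activityDateTime"]) <= end:
            continue  # outside the requested time range
        if rec.get("category") not in categories:
            continue  # not one of the requested categories
        for target in rec.get("targetResources") or []:
            if (target.get("userPrincipalName") or "").lower() != upn.lower():
                continue  # a different user was the target
            props = {p["displayName"]: p.get("newValue")
                     for p in target.get("modifiedProperties") or []
                     if "password" in p["displayName"].lower()}
            if "password" in rec["activityDisplayName"].lower() or props:
                hits.append((rec["activityDateTime"], rec["activityDisplayName"], props))
    return hits

if __name__ == "__main__":
    day = datetime(2024, 3, 1, tzinfo=timezone.utc)
    for hit in find_password_events(SAMPLE, "alice@example.com", day, day.replace(hour=23, minute=59)):
        print(hit)
```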