Active Directory administrators can require a user to reset their password in the event of a security situation, such as lost or stolen credentials, or if the user was recently added to Active Directory. Requiring a reset on the next login is considered good practice in these events.
Forcing a password reset is not a function of Azure AD directly; however, it is available in a B2C workflow. To learn more about how to use B2C to force password changes, see the Azure documentation in the references below.
In Terraform -
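The following is an added example, not code from the original page: an `azuread_user` resource that leaves `force_password_change` at its default, beside one that sets it, using the attribute named in the provider reference below. The user names, tenant domain and the `initial_password` variable are assumptions made for illustration.

```hcl
terraform {
  required_providers {
    azuread = {
      source = "hashicorp/azuread"
    }
  }
}

# Assumed input (hypothetical variable name): a one-time initial password
# supplied out of band. Marking it sensitive hides it in plan output, but
# the value is still written to Terraform state, so protect the state backend.
variable "initial_password" {
  type      = string
  sensitive = true
}

# Weak: force_password_change is omitted and defaults to false, so the
# administrator-chosen initial password stays valid until the user
# decides to change it.
resource "azuread_user" "weak" {
  user_principal_name = "jdoe@example.onmicrosoft.com" # constructed sample value
  display_name        = "J. Doe"                       # constructed sample value
  password            = var.initial_password
}

# Corrected: the user must choose a new password at the next sign-in.
# Per the provider documentation, the flag only takes effect when the
# password is also being set or changed in the same apply.
resource "azuread_user" "hardened" {
  user_principal_name   = "asmith@example.onmicrosoft.com" # constructed sample value
  display_name          = "A. Smith"                       # constructed sample value
  password              = var.initial_password
  force_password_change = true
}
```

When reviewing existing configurations, any `azuread_user` block that sets `password` without `force_password_change = true` matches the weak form above.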
References:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/force-password-reset?pivots=b2c-user-flow
https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/user#force_password_change