The way to see what logins fit which of these three options is easily done by query the catalog view sys.sql_logins.
The following query provides that information:

SELECT 
    [name]
  , is_policy_checked
  , is_expiration_checked
FROM sys.sql_logins;

OPTIONS
Must change password at next login

SELECT LOGINPROPERTY('sa', 'IsMustChange');
GO
 
Result Set Legend
0 - Must not change password at next login
1 - Must change password at next login

Expired password

SELECT LOGINPROPERTY('sa', 'IsExpired');
GO
 
Result Set Legend
0 - Password is not expired
1 - Password

------------------------------------------------------------------------------------

Change Password

sp_password [ [ @old = ] 'old_password' , ]
      { [ @new =] 'new_password' }
      [ , [ @loginame = ] 'login' ]

Here is a simple example that changes the current password from
"currentPSWD" to "newPSWD";

sp_password 'currentPSWD', 'newPSWD'

ALTER LOGIN
ALTER LOGIN login_name
    {
   
    | WITH [ ,... ]
    |
    }

::=
        ENABLE | DISABLE

::=           
    PASSWORD = 'password' | hashed_password HASHED
    [
      OLD_PASSWORD = 'oldpassword'
      | [ ]
    ]
    | DEFAULT_DATABASE = database
    | DEFAULT_LANGUAGE = language
    | NAME = login_name
    | CHECK_POLICY = { ON | OFF }
    | CHECK_EXPIRATION = { ON | OFF }
    | CREDENTIAL = credential_name
    | NO CREDENTIAL
 
::=
    MUST_CHANGE | UNLOCK
::=
         ADD CREDENTIAL credential_name
          | DROP CREDENTIAL credential_name

Set Login Password 'Must Change'

I need some SQL Syntax to set the "Must Change" attribute of a Login WITHOUT having to change the current password.

I know this will do it, but it simultaneously changes the password:

ALTER LOGIN [myUser] WITH Password='$Reset123' MUST_CHANGE