Self Service Password Reset In Office 365

A question I get every now and then is, “Does it have to be the administrator’s job to reset user passwords?” Though the answer to that question depends heavily on an organization’s compliance policies and practices, I stand with the idea that an administrator resetting a user password should be the last resort. It may not be a big deal for an administrator to reset a user password. But imagine an organization that has branches around the globe or around the country, with hundreds or thousands of users. In an organization that large, a few calls to the help desk to reset passwords add up by the end of the day. That is an administrator’s valuable time wasted on a simple task like a password reset. Or better yet, imagine a user is trying to access his/her email account in the middle of the night and for some reason his/her password is not working anymore. He/she has no option other than to wait until the next morning for an administrator to reset the password.

However, with Office 365, you do not need to worry about any of the above, as Self Service Password Reset in Azure Active Directory allows users to reset their passwords without needing an administrator.

To use Self Service Password Reset in Azure Active Directory, you must have Azure Active Directory Basic, Azure Active Directory Premium, or a paid Office 365 subscription. Azure self service password reset can also be extended to your on-premises infrastructure via directory synchronization. However, in this post, I will talk about how you can use it with cloud-only identities.

Once you enable self service password reset in your Azure Active Directory, users must register for the service by entering the number of required authentication methods, as defined by you, before they can reset their passwords. As an administrator, you decide which of the 4 methods below will be available to users.

  1. Office Phone
  2. Mobile Phone
  3. Alternate Email Address
  4. Security Questions

Again, as I said, this comes down to compliance policies and practices. If this feature is something that you want to use, but do not want to make available to all of your users, you can restrict it by group membership. When you define a security group that is allowed to use password reset, only users who are members of that group can reset their passwords.

I have put together a step-by-step document on how to set up self service password reset at TechNet Gallery. You can download it here.

4 thoughts on “Self Service Password Reset In Office 365”

  1. Terry Justice

    You said “you either have to have Azure Active Directory Basic, Azure Active Directory Premium or a paying Office 365 subscription.” We pay for some Office Online Plan 1 accounts, it’s just to host a cloud mailbox, not full office. I have followed what you said and users get the authentication pages. However, when they attempt to change password, it says they cannot. I spoke to Microsoft Support, he said an Azure Active Directory Premium is required for the Plan 1 accounts. The Azure Active Directory Basic or paying Office 365 subscription, which are the two I have, is not sufficient. Do you agree with him, was that something that six months ago was allowed with Azure basic, but now is only allowed with Premium? Or do you think I’ve misconfigured something, that it should work, contrary to what the support representative told me?

    1. Muditha Jayath Chathuranga Post author

      Hi Terry,

      It should not be an issue. But, if you are using an on-premises Active Directory to provision identities to Office 365, then yes, you need to have Azure Active Directory Premium because password write-back is available only with Azure Active Directory Premium. I’m quoting Microsoft’s official documentation as well. “To enable self-service password reset for cloud users, you must upgrade to Azure AD Premium, Azure AD Basic, or a paid O365 license. To enable self-service password reset for your on-premises users, you must upgrade to Azure AD Premium.”

      https://docs.microsoft.com/en-us/azure/active-directory/active-directory-passwords-getting-started#prerequisites

      I hope this answers your question. Please do not hesitate to reply back if you have additional concerns.
