Set up self-service password reset for your customers

With the self-service password reset feature, your customers who have signed up for local accounts can reset their passwords on their own. This significantly reduces the burden on your support staff, especially if your application has millions of customers using it on a regular basis. Currently, using a verified email address is the only supported recovery method.

Note

This article applies to self-service password reset used in the context of a sign-in policy. If you need fully customizable password reset policies invoked from your app, see this article.

By default, your directory doesn't have self-service password reset turned on. Use the following steps to turn it on:

  1. Sign in to the Azure portal as the Subscription Administrator. This is the same work or school account or the same Microsoft account that you used to create your directory.
  2. Open Azure Active Directory (in the navigation bar on the left side).
  3. Set Self service password reset enabled to All.
  4. Click Save at the top of the page. You're done!

To test, use the "Run now" feature on any sign-in policy that has local accounts as an identity provider. On the local account sign-in page (where you enter an email address and password, or a username and password), click Can't access your account? to verify the customer experience.

Note

The self-service password reset pages can be customized by using the company branding feature.