Azure Active Directory password reset for IT administrators
Are you here because you want to reset your Azure or O365 password? If so, please skip to this section.
Self-service has long been a key goal for IT departments across the world as a cost-reduction and labor-saving measure. Indeed, the market is flooded with products that let you manage your on-premises groups, passwords, or user profiles from the cloud or on-premises. Azure Active Directory (Azure AD) sets itself apart from other offerings by providing some of the easiest to use and most powerful self-service capabilities available today.
Azure AD Password Management is a set of capabilities that allow your users to manage any password from any device, at any time, from any location, while remaining in compliance with the security policies you define.
ADMINS: Learn about how to get started with Azure AD password reset
If you're an admin who wants to enable Azure AD password reset, or just learn more about it, start with the links below to get to what you're interested in.
|Supported scenarios||What is possible with Azure AD password reset?|
|Why use it?||Why use Azure AD password reset?|
|Pricing and availability||Pricing and availability|
|Enable password reset||Enable password reset for your users|
|Customize how it works||Customize password reset behavior|
|Roll it out to my users||Configure your users to use password reset|
|View reports||View password reset activity with integrated reports|
|Reset a user's password||Manage your users' passwords|
|Set my organization's password policies||Set password policies|
|Troubleshoot a problem||Troubleshoot a problem|
|FAQ||Read a FAQ|
|Technical details||Understand the technical details|
|Newly released features||Recent service updates|
|Links to other documentation||Links to password reset documentation|
What is possible with Azure AD password reset?
Here are some of the things you can do with Azure AD's password management capabilities.
- Self-service password change allows end users or administrators to change their expired or non-expired passwords without calling an administrator or helpdesk for support.
- Self-service password reset allows end users or administrators to reset their passwords automatically without calling an administrator or helpdesk for support. Self-service password reset requires Azure AD Premium or Basic. For more information, see Azure Active Directory Editions.
- Administrator-initiated password reset allows an administrator to reset an end user’s or another administrator’s password from within the Azure Management Portal.
- Password management activity reports give administrators insights into password reset and registration activity occurring in their organization.
- Password Writeback allows management of on-premises passwords from the cloud so all of the above scenarios can be performed by, or on the behalf of, federated or password synchronized users. Password Writeback requires Azure AD Premium. For more information, see Getting started with Azure AD Premium.
Why use Azure AD password reset?
Here are some of the reasons you should use Azure AD's password management capabilities
- Reduce costs - support-assisted password reset is typically 20% of organization's IT spend
- Improve user experiences - users don't want to call helpdesk and spend an hour on the phone every time they forget their passwords
- Lower helpdesk volumes - password management is the single largest helpdesk driver for most organizations
- Enable mobility - users can reset their passwords from wherever they are
Pricing and availability
Azure AD password reset is available in 3 tiers, depending on which subscription you have:
- Azure AD Free - cloud-only administrators can reset their own passwords
- Azure AD Basic or any Paid O365 Subscription - cloud-only users and cloud-only administrators can reset their own passwords
- Azure AD Premium - any user or administrator, including cloud-only, federated, or password synced users, can reset their own passwords (requires password writeback to be enabled)
For more information on Azure AD Premium or Basic pricing, visit the Active Directory Pricing Details page.
Enable password reset for your users
|How do I enable password reset for cloud users?||Enable users to reset their cloud Azure Active Directory passwords|
|How do I enable password reset and change for on-premises users?||Enable users to reset or change their on-premises Active Directory passwords|
|How do I scope password reset to a specific set of users?||Restrict password reset to specific users|
|How do I test cloud password reset?||Reset your Azure AD password as a user|
|How do I test on-premises password reset?||Reset your on-premises AD password as a user|
|How do I disable password reset at a later time?||Setting: users enabled for password reset|
Customize password reset behavior
|How do I change what authentication methods are supported?||Setting: authentication methods available to users|
|How do I change number of authentication methods required?||Setting: number of authentication methods required|
|How do I set up custom security questions?||Setting: custom security questions|
|How do I set up pre-canned localized security questions?||Setting: knowledge-based security questions|
|How can I change how many security questions are required?||Setting: number of security questions for registration or reset|
|How can I customize how a user gets in touch with an admin?||Setting: customize the "contact your administrator" link|
|How can I allow users to unlock AD accounts without resetting a password?||Setting: enable users to unlock their AD accounts without resetting a password|
|How can I enable password reset notifications for users?||Setting: notify users when their passwords have been reset|
|How can I enable password reset notifications for admins?||Setting: notify other admins when an admin reset their own password|
|How can I customize password reset look and feel?||Setting: company name, branding, and logo|
Configure your users to use password reset
|How do I know if an account is configured for password reset?||What makes an account configured for password reset?|
|How do I get my users configured for password reset?||Ways to populate password reset authentication data for your users|
|How do I manually upload data for my users?||Uploading password reset data yourself|
|How do I use PowerShell to read or set data for my users?||How to access password reset data for your users|
|How can I synchronize password reset data from on-premises?||What data is used by password reset|
|How can I use an email campaign to get my users to register for and use password reset?||Email-based rollout of password reset|
|How can I force my users to register when signing in?||Enforced registration-based rollout of password reset|
|How can I force my users to re-confirm their registered periodically?||Setting: number of days before users must re-confirm their authentication data|
|What are best practices around communicating password reset to end users?||Creating your own password portal for your users to use|
View password reset activity with integrated reports
|Where do I go to see password reset reports?||Overview of password management reports|
|Where can I see how users are using password reset in my organization?||View password reset activity|
|Where can I see how many users are registering, and what they are registering for?||View password reset registration activity|
|How can I get password reset reports from an API?||Creating an azure ad application to access the reporting API|
|What kind of password reset reporting information is available through an API?||Password reset and registration events available in the reporting API|
Manage your users' passwords
|How do I reset a user's password from the O365 management portal?||Reset a user's password in Office 365|
|How do I reset a user's password using PowerShell?||Reset a user's password with Set-MsolUserPassword|
Set password policies
|How do I set organization password expiration policy from Office 365?||Set password expiration policy|
|How do I set a specific user's passwords to never expire with PowerShell?||Set individual user's password to never expire using PowerShell|
|How do I find out whether a user's password is set to never expire using PowerShell||Check individual user's password expiration status using PowerShell|
Troubleshoot a problem
|What information should I provide to support if I need help?||Information to include when you need help|
|How can I fix a problem with password reset||Troubleshoot the password reset portal|
|How can I fix a problem with password writeback||Troubleshoot password writeback|
|How can I fix a problem with password writeback connectivity||Troubleshoot password writeback connectivity|
|How can I fix a problem with password reset configuration||Troubleshoot password reset configuration in the azure management portal|
|How can I fix a problem with password reset reports||Troubleshoot password management reports in the azure management portal|
|How can I fix a problem with password reset registration||Troubleshoot the password reset registration portal|
|Password writeback event log error codes||Password writeback event log error codes|
Read a FAQ
|I want to read a FAQ about password reset registration||Password reset registration FAQ|
|I want to read a FAQ about password reset||Password reset FAQ|
|I want to read a FAQ about password reset reports||Password management reports FAQ|
|I want to read a FAQ about password writeback||Password writeback FAQ|
Understand the technical details
|I want to learn about what password writeback is||Password writeback overview|
|I want to learn about how password writeback works||How does password writeback work?|
|I want to learn about what scenarios are supported by password writeback||Scenarios supported for password writeback|
|I want to learn about how password writeback is secured||Password writeback security model|
|I want to learn about how the password reset portal works||How does the password reset portal work?|
|I want to learn about what data is used by password reset||What data is used by password reset?|
Recent service updates
Enforce password reset registration at sign-in to Office 365 apps - November 2015
- Now, after enabling the enforced registration feature, your users will be required to register from anywhere they sign in with a work or school account. This dramatically increases the speed at which many organizations can onboard to password reset. With this new feature we've seen large organizations onboarding in as little as 2 weeks!
Support for unlocking on-premises AD Accounts without resetting a password - November 2015
- Unlock only (without reset) is a huge helpdesk driver these days. In fact, many organizations spend up to 70% of their password reset budget unlocking accounts! To meet this demand, now with Azure AD password reset, you can enable a feature to let your users unlock on-premises AD accounts separately from password reset. Check out how to turn it on here: Setting: enable users to unlock their on-premises AD accounts without resetting a password.
Usability updates to registration page - October 2015
- Now, when a user has data already registered, he or she can just click "looks good" to update the data without needing to re-send the email or phone call.
Improved reliability of password writeback - September 2015
- As of the September release of Azure AD Connect, the password writeback agent will now more aggressively retry connections and additional, more robust, failover capabilities.
API for retrieving password reset reporting data - August 2015
- Now, the data behind the password reset reports can be retrieved directly from the Azure AD Reports and Events API.
Support for Azure AD password reset during cloud domain join - August 2015
- Now, any cloud user can reset his or her password right from the Windows 10 sign in screen during the cloud domain join onboarding experience. Note, this is not yet exposed on the Windows 10 sign in screen.
Enforce password reset registration at sign-in to Azure and federated apps - July 2015
- In addition to enforcing registration when signing into myapps.microsoft.com, we now support enforcing registration during sign ins to the Azure Management Portal and any of your federated single-sign on applications
Security question localization support - May 2015
- Now, you have the option to select pre-defined security questions which are localized in the full O365 language set when configuring Security Questions for password reset.
Account unlock support during password reset - June 2015
- If you're using password writeback and you reset your password when your account is locked, we'll automatically unlock your Active Directory account!
Branded self-service password reset (SSPR) registration - April 2015
- The password reset registration page is now branded with your company logo!
Security questions - March 2015
- We released security questions to GA!
Account unlock - March 2015
- Now users can unlock their accounts when password reset occurs
Below are some of the cool features we're working on right now!
Support for Reminding Users to Update their Registered Data During Sign-in - Work in progress
- Today, we support reminding users to update their registered data when accessing myapps.microsoft.com, but we're working on the ability to do so for all sign ins.
Below are links to all of the Azure AD password reset documentation pages:
- Are you here because you're having problems signing in? If so, here's how you can change and reset your own password.
- How it works - learn about the six different components of the service and what each does
- Getting started - learn how to allow you users to reset and change their cloud or on-premises passwords
- Customize - learn how to customize the look & feel and behavior of the service to your organization's needs
- Best practices - learn how to quickly deploy and effectively manage passwords in your organization
- Get insights - learn about our integrated reporting capabilities
- FAQ - get answers to frequently asked questions
- Troubleshooting - learn how to quickly troubleshoot problems with the service
- Learn more - go deep into the technical details of how the service works