Azure Active Directory password reset for IT administrators

Important

Are you here because you want to reset your Azure or O365 password? If so, please skip to this section.

Self-service has long been a key goal for IT departments across the world as a cost-reduction and labor-saving measure. Indeed, the market is flooded with products that let you manage your on-premises groups, passwords, or user profiles from the cloud or on-premises. Azure Active Directory (Azure AD) sets itself apart from other offerings by providing some of the easiest to use and most powerful self-service capabilities available today.

Azure AD Password Management is a set of capabilities that allow your users to manage any password from any device, at any time, from any location, while remaining in compliance with the security policies you define.

ADMINS: Learn about how to get started with Azure AD password reset

If you're an admin who wants to enable Azure AD password reset, or just learn more about it, start with the links below to get to what you're interested in.

Topic
Supported scenarios What is possible with Azure AD password reset?
Why use it? Why use Azure AD password reset?
Pricing and availability Pricing and availability
Enable password reset Enable password reset for your users
Customize how it works Customize password reset behavior
Roll it out to my users Configure your users to use password reset
View reports View password reset activity with integrated reports
Reset a user's password Manage your users' passwords
Set my organization's password policies Set password policies
Troubleshoot a problem Troubleshoot a problem
FAQ Read a FAQ
Technical details Understand the technical details
Newly released features Recent service updates
Links to other documentation Links to password reset documentation

What is possible with Azure AD password reset?

Here are some of the things you can do with Azure AD's password management capabilities.

  • Self-service password change allows end users or administrators to change their expired or non-expired passwords without calling an administrator or helpdesk for support.
  • Self-service password reset allows end users or administrators to reset their passwords automatically without calling an administrator or helpdesk for support. Self-service password reset requires Azure AD Premium or Basic. For more information, see Azure Active Directory Editions.
  • Administrator-initiated password reset allows an administrator to reset an end user’s or another administrator’s password from within the Azure Management Portal.
  • Password management activity reports give administrators insights into password reset and registration activity occurring in their organization.
  • Password Writeback allows management of on-premises passwords from the cloud so all of the above scenarios can be performed by, or on the behalf of, federated or password synchronized users. Password Writeback requires Azure AD Premium. For more information, see Getting started with Azure AD Premium.

Why use Azure AD password reset?

Here are some of the reasons you should use Azure AD's password management capabilities

  • Reduce costs - support-assisted password reset is typically 20% of organization's IT spend
  • Improve user experiences - users don't want to call helpdesk and spend an hour on the phone every time they forget their passwords
  • Lower helpdesk volumes - password management is the single largest helpdesk driver for most organizations
  • Enable mobility - users can reset their passwords from wherever they are

Pricing and availability

Azure AD password reset is available in 3 tiers, depending on which subscription you have:

  • Azure AD Free - cloud-only administrators can reset their own passwords
  • Azure AD Basic or any Paid O365 Subscription - cloud-only users and cloud-only administrators can reset their own passwords
  • Azure AD Premium - any user or administrator, including cloud-only, federated, or password synced users, can reset their own passwords (requires password writeback to be enabled)

For more information on Azure AD Premium or Basic pricing, visit the Active Directory Pricing Details page.

Enable password reset for your users

Topic
How do I enable password reset for cloud users? Enable users to reset their cloud Azure Active Directory passwords
How do I enable password reset and change for on-premises users? Enable users to reset or change their on-premises Active Directory passwords
How do I scope password reset to a specific set of users? Restrict password reset to specific users
How do I test cloud password reset? Reset your Azure AD password as a user
How do I test on-premises password reset? Reset your on-premises AD password as a user
How do I disable password reset at a later time? Setting: users enabled for password reset

Customize password reset behavior

Topic
How do I change what authentication methods are supported? Setting: authentication methods available to users
How do I change number of authentication methods required? Setting: number of authentication methods required
How do I set up custom security questions? Setting: custom security questions
How do I set up pre-canned localized security questions? Setting: knowledge-based security questions
How can I change how many security questions are required? Setting: number of security questions for registration or reset
How can I customize how a user gets in touch with an admin? Setting: customize the "contact your administrator" link
How can I allow users to unlock AD accounts without resetting a password? Setting: enable users to unlock their AD accounts without resetting a password
How can I enable password reset notifications for users? Setting: notify users when their passwords have been reset
How can I enable password reset notifications for admins? Setting: notify other admins when an admin reset their own password
How can I customize password reset look and feel? Setting: company name, branding, and logo

Configure your users to use password reset

Topic
How do I know if an account is configured for password reset? What makes an account configured for password reset?
How do I get my users configured for password reset? Ways to populate password reset authentication data for your users
How do I manually upload data for my users? Uploading password reset data yourself
How do I use PowerShell to read or set data for my users? How to access password reset data for your users
How can I synchronize password reset data from on-premises? What data is used by password reset
How can I use an email campaign to get my users to register for and use password reset? Email-based rollout of password reset
How can I force my users to register when signing in? Enforced registration-based rollout of password reset
How can I force my users to re-confirm their registered periodically? Setting: number of days before users must re-confirm their authentication data
What are best practices around communicating password reset to end users? Creating your own password portal for your users to use

View password reset activity with integrated reports

Topic
Where do I go to see password reset reports? Overview of password management reports
Where can I see how users are using password reset in my organization? View password reset activity
Where can I see how many users are registering, and what they are registering for? View password reset registration activity
How can I get password reset reports from an API? Creating an azure ad application to access the reporting API
What kind of password reset reporting information is available through an API? Password reset and registration events available in the reporting API

Manage your users' passwords

Topic
How do I reset a user's password from the O365 management portal? Reset a user's password in Office 365
How do I reset a user's password using PowerShell? Reset a user's password with Set-MsolUserPassword

Set password policies

Topic
How do I set organization password expiration policy from Office 365? Set password expiration policy
How do I set a specific user's passwords to never expire with PowerShell? Set individual user's password to never expire using PowerShell
How do I find out whether a user's password is set to never expire using PowerShell Check individual user's password expiration status using PowerShell

Troubleshoot a problem

Topic
What information should I provide to support if I need help? Information to include when you need help
How can I fix a problem with password reset Troubleshoot the password reset portal
How can I fix a problem with password writeback Troubleshoot password writeback
How can I fix a problem with password writeback connectivity Troubleshoot password writeback connectivity
How can I fix a problem with password reset configuration Troubleshoot password reset configuration in the azure management portal
How can I fix a problem with password reset reports Troubleshoot password management reports in the azure management portal
How can I fix a problem with password reset registration Troubleshoot the password reset registration portal
Password writeback event log error codes Password writeback event log error codes

Read a FAQ

Topic
I want to read a FAQ about password reset registration Password reset registration FAQ
I want to read a FAQ about password reset Password reset FAQ
I want to read a FAQ about password reset reports Password management reports FAQ
I want to read a FAQ about password writeback Password writeback FAQ

Understand the technical details

Topic
I want to learn about what password writeback is Password writeback overview
I want to learn about how password writeback works How does password writeback work?
I want to learn about what scenarios are supported by password writeback Scenarios supported for password writeback
I want to learn about how password writeback is secured Password writeback security model
I want to learn about how the password reset portal works How does the password reset portal work?
I want to learn about what data is used by password reset What data is used by password reset?

Recent service updates

Enforce password reset registration at sign-in to Office 365 apps - November 2015

  • Now, after enabling the enforced registration feature, your users will be required to register from anywhere they sign in with a work or school account. This dramatically increases the speed at which many organizations can onboard to password reset. With this new feature we've seen large organizations onboarding in as little as 2 weeks!

Support for unlocking on-premises AD Accounts without resetting a password - November 2015

Usability updates to registration page - October 2015

  • Now, when a user has data already registered, he or she can just click "looks good" to update the data without needing to re-send the email or phone call.

Improved reliability of password writeback - September 2015

  • As of the September release of Azure AD Connect, the password writeback agent will now more aggressively retry connections and additional, more robust, failover capabilities.

API for retrieving password reset reporting data - August 2015

Support for Azure AD password reset during cloud domain join - August 2015

  • Now, any cloud user can reset his or her password right from the Windows 10 sign in screen during the cloud domain join onboarding experience. Note, this is not yet exposed on the Windows 10 sign in screen.

Enforce password reset registration at sign-in to Azure and federated apps - July 2015

  • In addition to enforcing registration when signing into myapps.microsoft.com, we now support enforcing registration during sign ins to the Azure Management Portal and any of your federated single-sign on applications

Security question localization support - May 2015

  • Now, you have the option to select pre-defined security questions which are localized in the full O365 language set when configuring Security Questions for password reset.

Account unlock support during password reset - June 2015

  • If you're using password writeback and you reset your password when your account is locked, we'll automatically unlock your Active Directory account!

Branded self-service password reset (SSPR) registration - April 2015

  • The password reset registration page is now branded with your company logo!

Security questions - March 2015

  • We released security questions to GA!

Account unlock - March 2015

  • Now users can unlock their accounts when password reset occurs

Coming soon

Below are some of the cool features we're working on right now!

Support for Reminding Users to Update their Registered Data During Sign-in - Work in progress

  • Today, we support reminding users to update their registered data when accessing myapps.microsoft.com, but we're working on the ability to do so for all sign ins.

Next steps

Below are links to all of the Azure AD password reset documentation pages:

  • Are you here because you're having problems signing in? If so, here's how you can change and reset your own password.
  • How it works - learn about the six different components of the service and what each does
  • Getting started - learn how to allow you users to reset and change their cloud or on-premises passwords
  • Customize - learn how to customize the look & feel and behavior of the service to your organization's needs
  • Best practices - learn how to quickly deploy and effectively manage passwords in your organization
  • Get insights - learn about our integrated reporting capabilities
  • FAQ - get answers to frequently asked questions
  • Troubleshooting - learn how to quickly troubleshoot problems with the service
  • Learn more - go deep into the technical details of how the service works