Licensing requirements for Azure AD self-service password reset
In order for Azure Active Directory (Azure AD) password reset to function, you must have at least one license assigned in your organization. We don't enforce per-user licensing on the password reset experience. To maintain compliance with your Microsoft licensing agreement, you need to assign licenses to any users that use premium features.
- Cloud-only users: Office 365 any paid SKU, or Azure AD Basic
- Cloud or on-premises users: Azure AD Premium P1 or P2, Enterprise Mobility + Security (EMS), or Secure Productive Enterprise (SPE)
Licenses required for password writeback
To use password writeback, you must have one of the following licenses assigned on your tenant:
- Azure AD Premium P1
- Azure AD Premium P2
- Enterprise Mobility + Security E3
- Enterprise Mobility + Security E5
- Microsoft 365 (Plan E3)
- Microsoft 365 (Plan E5)
Standalone Office 365 licensing plans don't support password writeback. For this functionality to work, you must have one of the preceding plans.
Additional licensing information, including costs, can be found on the following pages:
- Azure Active Directory pricing site
- Azure Active Directory features and capabilities
- Enterprise Mobility + Security
- Microsoft 365 Enterprise
Enable group or user-based licensing
Azure AD now supports group-based licensing. Administrators can assign licenses in bulk to a group of users, rather than assigning them one at a time. For more information, see Assign, verify, and resolve problems with licenses.
Some Microsoft services are not available in all locations. Before a license can be assigned to a user, the administrator must specify the Usage location property on the user. Assignment of licenses can be done under the User > Profile > Settings section in the Azure portal. When you use group license assignment, any users without a usage location specified inherit the location of the directory.