Licensing requirements for Azure AD self-service password reset

Azure Active Directory (Azure AD) comes in four editions: Free, Basic, Premium P1, and Premium P2. Self-service password reset is made up of several features, including change, reset, unlock, and writeback, and their availability differs between the editions of Azure AD. This article explains the differences. More details of the features included in each Azure AD edition can be found on the Azure Active Directory pricing page.

Compare editions and features

Azure AD self-service password reset is licensed per user. To maintain compliance, organizations are required to assign the appropriate license to their users.

  • Self-Service Password Change for cloud users

    • I am a cloud-only user and know my password.
      • I would like to change my password to something new.
    • This functionality is included in all editions of Azure AD.
  • Self-Service Password Reset for cloud users

    • I am a cloud-only user and have forgotten my password.
      • I would like to reset my password to something I know.
    • This functionality is included in Azure AD Basic, Premium P1, or Premium P2 editions.
  • Self-Service Password Reset/Change/Unlock with on-premises writeback

    • I am a hybrid user: my on-premises Active Directory user account is synchronized with my Azure AD account using Azure AD Connect. I would like to change my password, have forgotten my password, or have been locked out.
      • I would like to change my password or reset it to something I know, or unlock my account, and have that change synchronized back to on-premises Active Directory.
    • This functionality is included in Azure AD Premium P1 or Premium P2 editions.

Warning

Standalone Office 365 licensing plans don't support password writeback. This functionality requires the Azure AD Premium P1 or Premium P2 edition.

Additional licensing information, including costs, can be found on the following pages:

Enable group or user-based licensing

Azure AD now supports group-based licensing. Administrators can assign licenses in bulk to a group of users, rather than assigning them one at a time. For more information, see Assign, verify, and resolve problems with licenses.

Some Microsoft services are not available in all locations. Before a license can be assigned to a user, the administrator must specify the Usage location property on the user. Assignment of licenses can be done under the User > Profile > Settings section in the Azure portal. When you use group license assignment, any users without a usage location specified inherit the location of the directory.

Next steps