Let users rest their Passwords in Office 365
Office 365 and Azure AD allows users to reset their own passwords, this reduces the calls to helpdesk for password resets. Once you enable this setting users will be able to navigate to https://passwordreset.microsoftonline.com/ and reset their own passwords.
To get started Launch the Office 365 Admin Center
Navigate to Office 365 admin center > settings > security & add-ins
From the Security & add-ins page, scroll down to “Let your people reset their own passwords”, then click on the Azure AD Admin center link.
On the Azure AD Home page, navigate to Azure Active Directory
The click on Password Reset
On the Password Reset settings page, you will notice that password reset is not enabled and you need to enable it.
There is two different options that you can choose from.
- Select (you can select a Sync Group and users in that group will be able to rest their passwords)
- All (this option allows everyone in your organization to reset their passwords.
If you click on “Selected”, then you will be prompted to select a group.
If you select “All”, then you can click on Save only.
Next step is to configure the authentication methods which users can use. Navigate to Password Reset > Authentication Methods
Select the number of methods which is required to reset a password, default is 1. Then select the which methods to make available to your users.
If you select Mobile app code, then your users can navigate to aka.ms/mfasetup to setup their mobile app authenticator.
On the next section click on Registration, on this page the admin will be able to configure the number of days before a user is asked to re-confirm their authentication information.
Next click on Notification, here you will be able to configure if a user will or admin will get a notification when a user has changed their password.
From the next option, you can integrate your On-Premise so that your synced users can reset their own passwords as well.
From Azure AD Connect enable “password writeback”, more details on password writeback can be found here.
Once this has been enabled, user can go to https://passwordreset.microsoftonline.com/ , here they will be promoted for email address and then enter the security caption and click next
The user will have an option to select one of the authentication methods to verify their identity.