Microsoft 365 password reset
The Self-Service Password Reset (SSPR) feature in Azure AD allows users to reset their passwords without going through the help desk. However, changes to users' Azure AD passwords are only synchronized with their on-premises domain accounts when Azure AD Connect is configured and the password writeback feature is enabled.
ADSelfService Plus is an Active Directory (AD) self-service password management and single sign-on solution that lets users reset their AD passwords on their own with its Self-Service Password Reset feature. It also offers the Password Synchronization feature to sync any changes to users' passwords with their user accounts in enterprise applications like Microsoft 365 (previously Office 365) and Azure AD. Apart from this, ADSelfService Plus also provides single sign-on, exhaustive reports, strong password policies, and much more to simplify password management and secure user identities.
With these capabilities, users can use the same password to log in to Azure AD that they use to sign in to their AD domains; they can also reset their passwords without help desk intervention.
Let's take a look at how to reset a password using SSPR in Azure AD.
- Go to the Azure AD login page and enter your username.
- Click Forgot password when asked to enter your password.
- In the password reset page, enter your email address or username.
- Now choose how you would like to get your verification code. You can receive it through a call, SMS message, or email.
- Now, enter the verification code to prove your identity.
- Complete the second identity verification step. You'll have the option to choose from one of the two methods not used in the previous step.
- After successful verification, you can submit a new password.
- You will now be able to log in with your new password.
How ADSelfService Plus simplifies and secures Office 365 password reset
- Access the ADSelfService Plus portal from your login screen, mobile app, mobile site, or any web browser.
- Click Forgot your password?
- Enter your username and click Continue.
- Complete the identity verification process. Admins can select from 15 advanced authentication methods including biometrics, Google Authenticator, and YubiKey. Here, we have some security questions.
- In the drop-down, select your Office 365 account and submit a new password.
- If the password meets all the password complexity requirements, it will be successfully reset.
So how does Azure AD's native password reset feature compare to ADSelfService Plus'? Take a look at the comparison chart below:
| Azure AD SSPR | ADSelfService Plus |
|---|---|
| Self-service password resets can be performed from the login screens of machines running only on Windows 10 operating systems. | Self-service password resets can be performed from the login screens of most Windows clients and servers, macOS, and Linux machines (see the supported OS versions). |
| No mobile app for self-service password resets. | Exclusive iOS and Android mobile apps for self-service password resets. |
| Supports only two factor authentication (TFA); provides four authentication methods to choose from. | Offers multi-factor authentication (MFA); supports 15 authentication methods to choose from, including Microsoft Authenticator, fingerprint authentication, and Face ID authentication. Multi-factor authentication can be enforced. |
| Local cached credentials cannot be updated after password reset. | Local cached credentials can be updated using a VPN after password reset, allowing even remote users to regain access to their machines. |
| The number of self-service password resets performed cannot be restricted. | Admins can restrict the number of self-service password resets performed within a period of time. |
| No provision for notifications to be sent to the user or admin upon successful password reset. | SMS, email, and push notifications can be sent on successful password reset. |
| The password policy cannot be enforced during password changes from the Ctrl+Alt+Del screen | The custom password policy enforcer enforces password policies during password changes from the Ctrl+Alt+Del console and password resets by admins using the ADUC console. |
ADSelfService Plus also offers a password change feature that helps users change their Windows AD domain password in accordance to the password policy enforced by the administrator. Password changes made using this feature can be synchronized with their Microsoft 365, previously Office 365, accounts using the password synchronization feature. Password policies created using the password policy enforcer feature help ensure users create strong passwords. Users can change their enterprise application account passwords, including their Microsoft 365, Google Workspace, and Salesforce accounts, without changing their AD password using ADSelfService Plus.
Other advantages of ADSelfService Plus include:
- Flexibility to provide self-service password reset capability to users only in specific OUs and groups.
- The Password Policy Enforcer feature, which provides complexity rules that:
- Control the types of characters used in the password.
- Restrict using old passwords or characters from the username.
- Prevent the use of specific words, patterns, and palindromes.
- The password synchronization feature, which synchronizes any changes to the domain passwords to more than 15 enterprise cloud and on-premises applications, including Office 365/Azure AD, G Suite, and Salesforce.
- The option for admins to configure an approval workflow where users have to raise a help desk request and can only reset their passwords when it is approved.
With all the above advantages that ADSelfService Plus has to offer, choosing ADSelfService Plus to empower users with self-service password reset for your Azure AD environment is the right way to go. Other than self-service password reset and password synchronization, ADSelfService Plus also offers:
- Self-service AD account unlock.
- MFA for endpoint (Windows, macOS, and Linux) and enterprise application logins.
- Enterprise application single sign-on.
- Directory self-update.
New to ADSelfService Plus?
Related Articles
Self-service password reset and account unlock for Chromebook devices
The Chromebook is Google's low-cost alternative to traditional laptops. Unlike Windows, macOS, and Linux machines, a Chromebook runs on the Chrome OS. Users can login to their Chromebook using their AD domain credentials, if their device has been ...Self-service password reset for Windows 7, 8, and 10
We've all had to reset a forgotten password at some point in our lives. But have you ever wondered what goes on behind the scenes when you initiate a password reset? Have you considered the security risks that can arise due to poor password ...ADSelfService Plus self-service password reset configuration: Reset & Unlock tab
Reset & Unlock tab The Reset & Unlock tab consists of settings related to the self-password reset and account unlock features. Learn how to configure these settings to suit your requirements. Here are the settings under the Reset & Unlock tab: Unlock ...Google Workspace password reset
G Suite admins can enable users to reset their passwords and recover their accounts without admin support. ADSelfService Plus, an Active Directory (AD) self-service password management and single sign-on solution, offers the Password Reset feature, ...Zendesk password reset
Zendesk admins can enable users with the capability to reset their own, should they forget them. To reset their passwords, users have to: Open the Zendesk login page. Click Forgot your password in the login screen. Open the email sent by the Zendesk ...