How to enable users to reset passwords and unlock accounts in Azure AD

Overview

This article explains how administrators can empower users to reset their Azure passwords and perform Azure AD unlock account actions without relying on the help desk. By enabling self-service password and account unlock in Azure AD, users who forget their passwords or get locked out can quickly regain access using secure authentication methods.

While Azure provides built-in self-service password capabilities, many organizations prefer advanced solutions. ManageEngine ADSelfService Plus enhances password reset and unlock account in Azure AD by extending them to on-premises Active Directory, offering adaptive MFA, advanced password policies, and seamless synchronization with Microsoft 365, Salesforce, Zendesk, and more—without requiring Azure AD Connect.

Prerequisites

To enable self-service Azure account unlock and password reset:

• A working Azure AD tenant with at least a free or trial license.
• An account with Global Administrator privileges.

Steps to be followed

Enable password reset and unlock account in Azure AD

1. Log in to Azure with a Global Administrator account.
2. In the search bar, select Azure Active Directory.
3. Navigate to Password reset > Properties.
4. Under Self service password reset enabled, click Select group.
5. Choose the Azure AD groups for which you want to enable unlock Azure AD account and password reset.
6. Click Save to apply.

Configure authentication methods for secure account unlock and password reset

1. Go to the Authentication methods tab.
2. Set the Number of methods required for reset to align with organizational policy.
3. Select the Methods available to users (SMS, email OTP, authenticator apps, etc.).
4. Click Save.

Validation and confirmation

• Test the feature by attempting to reset password or unlock account in Azure AD using the login screen or portal.
• Verify that users are prompted to authenticate with the configured methods.
• Confirm successful password reset and unlock account in Azure AD without admin involvement.

Tips

Unlike Azure AD's Password Writeback option, which requires you to set up and configure Azure AD Connect, ADSelfService Plus provides a much easier way to sync resets and changes to passwords, and unlocking accounts from Azure AD to on-premises AD. The product's self-service password reset and unlock account lets users reset their passwords and unlock their Azure AD accounts from a secure portal. ADSelfService Plus' Password Synchronization feature allows users to synchronize changes to the AD domain password with all connected accounts, including Microsoft 365/Azure AD, Salesforce, and Zendesk.

Benefits of self-service Azure AD password reset and account unlock using ADSelfService Plus

• Customized configuration: Enable self-service password reset and password synchronization with Azure AD for users belonging to specific domains, groups, and organizational units.
• Secured password resets: Verify user identity using more than 20 authentication methods before proceeding with self-service password reset.
• Advanced password policies: Create and apply custom password policies with advanced password requirements like restriction of palindromes and dictionary words.
• Automated access control: Configure rules that automatically enable or disable self-service password reset for Azure AD based on factors like time of access, IP address, location, and device used.