Enable users to unlock their account or reset passwords using Azure Active Directory (AD) self-service password reset

Azure AD administrators can empower users to reset their passwords and unlock their accounts without help desk assistance using the self-service password reset and account unlock feature. To enable this feature, follow these steps:

Prerequisites

• A working Azure AD tenant with at least an Azure AD free or trial license enabled.
• An account with Global Administrator privileges.

To enable self-service password reset:

1. Log in to Azure using a Global Administrator account.
2. In the search bar, search for and select Azure Active Directory.
3. Go to Password reset > Properties.
4. In the Properties page, under Self service password reset enabled option, click Select group.
5. Select the Azure AD groups for which the feature has to be enabled and click Select.
6. Click Save to enable self-service password reset and account unlock for the users belonging to the selected groups.

The self-service password reset and account unlock process must be secured using user authentication methods. To configure authentication methods:

1. Go to the Authentication methods tab. Under Number of methods required for reset in the Authentication methods page, set the toggle to the number of authentication methods appropriate to your organization.
2. Choose the Methods available to users option that your organization wants to enable for authentication.
3. Click Save.

Azure AD self-service password reset with ADSelfService Plus

ManageEngine ADSelfService Plus is an identity security solution with adaptive MFA, single sign-on, and password management capabilities. The product's self-service password reset and account unlock feature lets users reset their AD domain passwords and unlock their AD accounts from a secure portal. The Password Synchronization feature allows users to synchronize changes to the AD domain password with all connected accounts, including Microsoft 365/Azure AD, Salesforce, and Zendesk. Unlike Azure AD SSPR's Password Writeback option, which requires you to set up and configure Azure AD Connect, ADSelfService Plus provides a much easier way to sync self-service password resets and password changes between Azure AD and on-premises AD.

Benefits of self-service Azure AD password reset using ADSelfService Plus

• Customized configuration: Enable self-service password reset and password synchronization with Azure AD for users belonging to specific domains, groups, and organizational units.
• Secured password resets: Verify user identity using more than 15 authentication methods before proceeding with self-service password reset.
• Advanced password policies: Create and apply custom password policies with advanced password requirements like restriction of palindromes and dictionary words.
• Automated access control: Configure rules that automatically enable or disable self-service password reset for Azure AD based on factors like time of access, IP address, location, and device used.