Forum Discussion
Self service password reset
Hi,
according to this link: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-passwords-licensing#licenses-required-for-password-writeback
To use self service password reset feature, you require one of the following:
Azure AD Premium P1
- Azure AD Premium P2
- Enterprise Mobility + Security E3
- Enterprise Mobility + Security E5
- Secure Productive Enterprise E3
- Secure Productive Enterprise E5
When we login to the azure portal, we see the option to enable self service password reset feature. When try to enable it, no error are generated. It seems like we are eligeable for it? The only license we have is Office 365 Enterprise E5 without PSTN Conferencing. Whats the difference between this and the above E5 license?
Anyway we can check what kind of Azure license we have?
Thanks!
The E5 license doesn't come with any of the extra Azure AD stuff, so unless you also have / see the EM+S or Azure subscriptions in your portal, you won't be able to use the self-service password reset for writing back to AD.
Hi Brian and thanks for prompt reply. We do have Azure subscription, but dont think we have premium. Neither do we have EMS. In the link i provided it also states:
In order for Azure AD Password Reset to function, you must have at least one license assigned in your organization. We do not enforce per-user licensing on the password reset experience. To maintain compliance with your Microsoft licensing agreement, you need to assign licenses to any users that use premium features.1
Cloud only users - Office 365 (O365) any paid SKU, or Azure AD Basic
We suspect that when we enable, it will only work for cloud only users and not on-premise users. This is the part that is a bit confusing, so the best way to confirm is to test it or confirm we have Azure AD premium
Cloud user self-service password reset for Office 365 is included for free per this announcement from a while back - Sign in page branding and cloud user self-service password reset for Office 365.
If you check the comparison of the Azure AD editions, you can see "Self-service password reset/change/unlock with write-back to on-premises directories" does require Azure Active Directory Premium P1/P2 (or EMS).
The note about at least one licence must be assigned in your organization for Azure AD self-service password reset, means there isn't a subsequent licence check for every user. To stay compliant though you have to have the appropriate licences for the number of people using this feature.
That page also confirms Standalone Office 365 licensing plans does not support password writeback and require one of the licences specified for the functionality to work.
If you don't see Azure AD Premium (or EMS) licence listed in the licence assignment part of the admin portal for users, that would confirm you don't have rights to those features.
