Home

Password Reset Option Grayed Out - Azure AD Premium

%3CLINGO-SUB%20id%3D%22lingo-sub-88813%22%20slang%3D%22en-US%22%3EPassword%20Reset%20Option%20Grayed%20Out%20-%20Azure%20AD%20Premium%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-88813%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20Azure%20AD%20subscription%20with%20premium%20trial%20enabled%20and%20assigned%20license%20to%20users%20so%20that%20they%20can%20do%20password%20reset%20by%20themselves.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20also%20configured%20the%20option%20under%20password%20reset%20settings%20so%20that%20%22All%22%20in%20an%20organization%20can%20reset%20the%20password.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHowever%20I%20notice%20the%20password%20reset%20option%20under%20user%20profile%20is%20grayed%20out%20and%20also%20if%20the%20users%20login%20to%20%3CA%20href%3D%22https%3A%2F%2Fmyapps.microsoft.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmyapps.microsoft.com%3C%2FA%3E%20and%20under%20profile%20option%20he%20doesn't%20has%20the%20option%20to%20reset%20the%20password%20too.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegards%2C%3C%2FP%3E%3CP%3ECharles%20Derber%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-88813%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20AD%20Premium%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESelf%20Service%20Password%20Reset%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-91712%22%20slang%3D%22en-US%22%3ERe%3A%20Password%20Reset%20Option%20Grayed%20Out%20-%20Azure%20AD%20Premium%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-91712%22%20slang%3D%22en-US%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHi%20Charles%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAs%20a%20Global%20Admin%2C%20does%20the%20link%20work%20for%20you%3F%20Also%2C%20what%20if%20you%20have%20a%20regular%20user%20go%20here%3A%20%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Faccount.activedirectory.windowsazure.com%2FChangePassword.aspx%26nbsp%3B%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Faccount.activedirectory.windowsazure.com%2FChangePassword.aspx%26nbsp%3B%3C%2FA%3E%20-%20What%20error%20do%20they%20get%3F%20Could%20the%20users%20be%20using%20a%20Microsoft%20account%20instead%20of%20an%20AAD%20account%3F%26nbsp%3B%20Just%20a%20couple%20thoughts.%20-%20Josh%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-90908%22%20slang%3D%22en-US%22%3ERe%3A%20Password%20Reset%20Option%20Grayed%20Out%20-%20Azure%20AD%20Premium%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-90908%22%20slang%3D%22en-US%22%3E%3CP%3EOK%2C%20so%20that's%20the%20password%20change%20feature%2C%20not%20password%20reset%20(SSPR).%20Nevertheless%2C%20I%20havent%20run%20into%20a%20scenario%20where%20this%20link%20is%20grayed%20out%2C%20even%20for%20federated%20accounts%20it%20will%20allow%20you%20to%20click%20the%20link.%20Open%20a%20support%20ticket%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-90752%22%20slang%3D%22en-US%22%3ERe%3A%20Password%20Reset%20Option%20Grayed%20Out%20-%20Azure%20AD%20Premium%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-90752%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20talking%20about%20the%20option%20you%20see%20under%20%3CA%20href%3D%22https%3A%2F%2Fmyapps.microsoft.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmyapps.microsoft.com%3C%2FA%3E%20under%20profile%20-%26gt%3B%20you%20get%20the%20option%20to%20change%20the%20password.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-90552%22%20slang%3D%22en-US%22%3ERe%3A%20Password%20Reset%20Option%20Grayed%20Out%20-%20Azure%20AD%20Premium%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-90552%22%20slang%3D%22en-US%22%3E%3CP%3EJust%20to%20be%20clear%20here%2C%20password%20change%20is%20different%20from%20password%20reset.%20Password%20change%20is%20performed%20once%20you%20are%20logged%20in%20to%20the%20O365%20portal%20or%20the%20myapps%20portal%2C%20Password%20reset%20is%20performed%20when%20you%20cannot%20access%20those%20portals.%20The%20%22change%20password%22%20option%20doesnt%20require%20any%20additional%20licenses%20and%20should%20be%20available%20in%20both%20portals%20for%20cloud-authored%20users.%20The%20reset%20password%20option%20is%20only%20accessible%20via%20the%20login%20portal%20%22can't%20access%20your%20account%22%20link%20(or%20directly%20via%20%3CA%20href%3D%22https%3A%2F%2Fpasswordreset.microsoftonline.com%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fpasswordreset.microsoftonline.com%2F%3C%2FA%3E)%20and%20requires%20the%20SSPR%20feature.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-90461%22%20slang%3D%22en-US%22%3ERe%3A%20Password%20Reset%20Option%20Grayed%20Out%20-%20Azure%20AD%20Premium%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-90461%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20the%20Azure%20AD%20premium%20license%20still%20valid%20and%20did%20you%20check%20if%20the%20azure%20ad%20selfservice%20settings%26nbsp%3Bare%20correct%3F%20I%20dont%20know%20if%20you%20have%20an%20AzureAD%20synced%20environment%20if%20that%20is%20the%20case%20is%20password%20writeback%20enabled%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20testing%20a%20reset%20you%20can%20best%20use%20this%20url%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fpasswordreset.microsoftonline.com%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fpasswordreset.microsoftonline.com%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERemember%20that%20you%20can%20set%20these%20for%20cloud%20identities%2C%20but%20when%20using%20Directory%20Synchronization%2C%20you%20have%20to%20set%20the%20mobile%20phone%20number%20in%20on-premises%20Active%20Directory%20and%20have%20this%20replicated%20to%20Office%20365.%20The%20SSRP%20automatically%20picks%20this%20mobile%20phone%20number%20for%20the%20Authentication%20Phone%20number.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYou%20can%20also%20look%20into%20this%20site%20for%20morge%20troubleshooting%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Factive-directory-passwords-troubleshoot%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Factive-directory-passwords-troubleshoot%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20hope%20this%20will%20help%20you%20out.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-90445%22%20slang%3D%22en-US%22%3ERe%3A%20Password%20Reset%20Option%20Grayed%20Out%20-%20Azure%20AD%20Premium%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-90445%22%20slang%3D%22en-US%22%3E%3CP%3ESo%20no%20on-premise%20sync%20in%20place%20just%20a%20pure%20Cloud%20Identity%3F%20Can%20you%20try%20to%20create%20a%20testaccount%20and%20see%20what%20happens%20with%20that%20when%20you%20assign%20the%20AzureAD%20Premium%20license%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-90405%22%20slang%3D%22en-US%22%3ERe%3A%20Password%20Reset%20Option%20Grayed%20Out%20-%20Azure%20AD%20Premium%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-90405%22%20slang%3D%22en-US%22%3E%3CP%3EI've%20followed%20the%20articles%20you%20shared%20but%20that%20couldn't%20help%20too.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-90404%22%20slang%3D%22en-US%22%3ERe%3A%20Password%20Reset%20Option%20Grayed%20Out%20-%20Azure%20AD%20Premium%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-90404%22%20slang%3D%22en-US%22%3E%3CP%3EUsers%20are%26nbsp%3Bcreated%20directly%20on%20Azure%20AD%2C%20also%20enabled%20premium%20license%20individual%20to%20each%20users.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-88920%22%20slang%3D%22en-US%22%3ERe%3A%20Password%20Reset%20Option%20Grayed%20Out%20-%20Azure%20AD%20Premium%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-88920%22%20slang%3D%22en-US%22%3E%3CP%3EHow%20are%20your%20users%20managed%2C%20are%20they%20created%20directly%20in%20the%20cloud%20or%20sourced%20from%20AD%3F%20Also%2C%20what%20is%20the%20authentication%20method%20used%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-88903%22%20slang%3D%22en-US%22%3ERe%3A%20Password%20Reset%20Option%20Grayed%20Out%20-%20Azure%20AD%20Premium%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-88903%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20not%20sure%20I%20can%20help%2C%20as%20I%20haven't%20got%20this%20setup%20though%20I%20did%20look%20at%20this%20feature%20a%20couple%20of%20years%20a%20go%20but%20have%20you%20seen%20these%20steps%2C%20there%20a%20few%20more%20things%20to%20do%20than%20what%20you%20have%20mentioned%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CUL%3E%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Factive-directory-passwords-getting-started%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EQuick%20Start%3A%20Azure%20AD%20self-service%20password%20reset%3C%2FA%3E%3C%2FLI%3E%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Factive-directory-passwords-best-practices%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3ERoll%20out%20password%20reset%20for%20users%3C%2FA%3E%3C%2FLI%3E%3C%2FUL%3E%3CP%3Eand%20this%20is%20the%20workflow%20involved%20with%20using%20this%20feature%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CUL%3E%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Factive-directory-passwords-how-it-works%23active-directory-permissions%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3ESelf-service%20password%20reset%20in%20Azure%20AD%20deep%20dive%3C%2FA%3E%3C%2FLI%3E%3C%2FUL%3E%3CP%3EI%20know%20one%20of%20the%20steps%20I%20had%20to%20do%20to%20get%20this%20working%2C%20for%20example%2C%20was%20to%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Factive-directory-passwords-writeback%23configuring-password-writeback%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Esetup%26nbsp%3Bpassword%20writeback%3C%2FA%3E.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Charles Derber
Occasional Contributor

Hello,

 

I have Azure AD subscription with premium trial enabled and assigned license to users so that they can do password reset by themselves. 

 

I also configured the option under password reset settings so that "All" in an organization can reset the password. 

 

However I notice the password reset option under user profile is grayed out and also if the users login to https://myapps.microsoft.com and under profile option he doesn't has the option to reset the password too.

 

Regards,

Charles Derber

10 Replies

I am not sure I can help, as I haven't got this setup though I did look at this feature a couple of years a go but have you seen these steps, there a few more things to do than what you have mentioned:

 

and this is the workflow involved with using this feature

 

I know one of the steps I had to do to get this working, for example, was to setup password writeback.

Highlighted

How are your users managed, are they created directly in the cloud or sourced from AD? Also, what is the authentication method used?

Users are created directly on Azure AD, also enabled premium license individual to each users.

I've followed the articles you shared but that couldn't help too.

So no on-premise sync in place just a pure Cloud Identity? Can you try to create a testaccount and see what happens with that when you assign the AzureAD Premium license?

Is the Azure AD premium license still valid and did you check if the azure ad selfservice settings are correct? I dont know if you have an AzureAD synced environment if that is the case is password writeback enabled?

 

For testing a reset you can best use this url: https://passwordreset.microsoftonline.com

 

Remember that you can set these for cloud identities, but when using Directory Synchronization, you have to set the mobile phone number in on-premises Active Directory and have this replicated to Office 365. The SSRP automatically picks this mobile phone number for the Authentication Phone number.

 

You can also look into this site for morge troubleshooting: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-passwords-troubleshoot

 

I hope this will help you out.

Just to be clear here, password change is different from password reset. Password change is performed once you are logged in to the O365 portal or the myapps portal, Password reset is performed when you cannot access those portals. The "change password" option doesnt require any additional licenses and should be available in both portals for cloud-authored users. The reset password option is only accessible via the login portal "can't access your account" link (or directly via https://passwordreset.microsoftonline.com/) and requires the SSPR feature.

I'm talking about the option you see under https://myapps.microsoft.com under profile -> you get the option to change the password.

OK, so that's the password change feature, not password reset (SSPR). Nevertheless, I havent run into a scenario where this link is grayed out, even for federated accounts it will allow you to click the link. Open a support ticket?

 

Hi Charles,

 

As a Global Admin, does the link work for you? Also, what if you have a regular user go here: https://account.activedirectory.windowsazure.com/ChangePassword.aspx  - What error do they get? Could the users be using a Microsoft account instead of an AAD account?  Just a couple thoughts. - Josh

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies