Self Service Password Reset with on-premises writeback in Microsoft 365 Business

Earlier this year we announced support for on premises Active Directory in Microsoft 365 Business. To facilitate identities mastered on Active Directory, we are excited to announce Self-Service Password Reset with on-premises writeback capability in Microsoft 365 Business.


Self Service Password Reset (SSPR) is a feature already included in Microsoft 365 Business, that allows users to change their password in the cloud.  Password writeback is a complimentary feature that enables those password changes to be written back to an existing on-premises directory in real time.  This simplifies password operations and helps ensure consistent application of password policies. 


Here are the steps to roll out Self Service Password Reset with writeback for Microsoft 365 Business customers:


  1. Develop a SSPR roll-out Strategy: To ensure a smooth rollout of the Azure Active directory (Azure AD) self-service password reset (SSPR) functionality, it is often helpful to develop a roll strategy that involves educating users & piloting it with a small subset of users. Learn more in this how-to guide

  2. Pre-populate authentication data: In order to reset their passwords, users need to provide some form of authentication (phone or email) first. You should consider pre-populating some authentication data for your users. That way users don't need to manually register for password reset before they are able to use SSPR. Some organizations have their users enter their authentication data themselves. But many organizations prefer to synchronize with data that already exists in Active Directory. Learn more about pre-registering authentication data

  3. Configuring Password write back: Once you’ve completed the above steps, you can configure SSPR by enabling ‘Password Writeback’ in Azure Active Directory Connect as described in this article



We would love to get more feedback on how we can make enabling SSPR easier for SMB organizations and enhancing Azure AD capabilities in Microsoft 365 Business. For more information on features supported in Microsoft 365 Business, please visit the Microsoft 365 Business Service Description at aka.ms/m365bsd


Super Contributor

Last time i read about password writeback it required Azure AD Premium. Maybe M365 Business already includes that? If not, it is useful to mention additional costs.


Hi Oleg,


M365B does not include AAD P1 but the SSPR writeback functionality is now natively part of M365B and so there is no additional costs to enable SSPR writeback in M365B


Hi, would this work in O365 A1 licenses also, or would it need AAD P1 to work with O365 A1?


This is great news and we have been waiting for this! Is this feature already enabled for all MS 365 Business subscriptions? I can confirm we all have licenses, I have enabled password writeback in Azure AD Connect, even verified the proper permissions on the AD sync account, but the portal still claims it is not enabled. Do you have any guidance?


Annotation 2019-01-11 004002.jpg

Occasional Visitor
I also get the same issue as Skip Mercier. My company is on Office 365 Business Premium. Support is unaware of the extending of SSPR to Office 365 Business Plans. Not sure if this feature is rolled out to all tenants and all datacentre's. According to Ashanka: "no additional costs to enable SSPR writeback in M365B" Support insists on Azure AD Premium Licenses. But this is additional costs.