07-20-2017 05:18 AM
I have an Azure AD subscription with the premium trial enabled and have assigned licenses to users so that they can do password resets by themselves.
I also configured the option under password reset settings so that "All" in an organization can reset the password.
However, I notice the password reset option under the user profile is grayed out, and also if a user logs in to https://myapps.microsoft.com, under the profile option he doesn't have the option to reset the password either.
07-20-2017 10:27 AM - edited 07-20-2017 10:28 AM
I am not sure I can help, as I haven't got this set up, though I did look at this feature a couple of years ago. But have you seen these steps? There are a few more things to do than what you have mentioned:
and this is the workflow involved with using this feature
I know one of the steps I had to do to get this working, for example, was to set up password writeback.
07-20-2017 11:33 AM
How are your users managed, are they created directly in the cloud or sourced from AD? Also, what is the authentication method used?
07-26-2017 04:20 AM
Users are created directly on Azure AD; I also enabled the premium license individually for each user.
07-26-2017 06:19 AM
So no on-premise sync in place, just a pure Cloud Identity? Can you try to create a test account and see what happens with that when you assign the Azure AD Premium license?
07-26-2017 07:36 AM - edited 07-26-2017 07:38 AM
Is the Azure AD premium license still valid, and did you check if the Azure AD self-service settings are correct? I don't know if you have an Azure AD synced environment; if that is the case, is password writeback enabled?
For testing a reset you can best use this url: https://passwordreset.microsoftonline.com
Remember that you can set these for cloud identities, but when using Directory Synchronization, you have to set the mobile phone number in on-premises Active Directory and have this replicated to Office 365. The SSPR automatically picks this mobile phone number for the Authentication Phone number.
You can also look into this site for more troubleshooting: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-passwords-troubleshoot
I hope this will help you out.
07-26-2017 10:37 AM
Just to be clear here, password change is different from password reset. Password change is performed once you are logged in to the O365 portal or the myapps portal; password reset is performed when you cannot access those portals. The "change password" option doesn't require any additional licenses and should be available in both portals for cloud-authored users. The reset password option is only accessible via the login portal "can't access your account" link (or directly via https://passwordreset.microsoftonline.com/) and requires the SSPR feature.
07-27-2017 02:04 AM
I'm talking about the option you see under https://myapps.microsoft.com under profile -> you get the option to change the password.
07-27-2017 10:44 AM
OK, so that's the password change feature, not password reset (SSPR). Nevertheless, I haven't run into a scenario where this link is grayed out; even for federated accounts it will allow you to click the link. Open a support ticket?
07-31-2017 08:01 AM
As a Global Admin, does the link work for you? Also, what if you have a regular user go here: https://account.activedirectory.windowsazure.com/ChangePassword.aspx - What error do they get? Could the users be using a Microsoft account instead of an AAD account? Just a couple thoughts. - Josh