Reset Passwords in Office 365

Like most IT services and applications, Office 365 is secured with passwords. People will occasionally forget their password, and a reset will be required. Since every organization has different needs and requirements, Microsoft provides a number of options for resetting passwords.

1. You can enable self-service password reset and your employees can reset their own password.

2. An Office 365 administrator can open the Microsoft 365 portal and reset a user’s password.

3. A password can be reset in your on-premise Active Directory and then synced to Office 365.

4. An administrator can create a password reset PowerShell script to make password resets fast and easy for their entire IT staff.

Depending on your organization’s configuration, your options may be limited.

Self-Service Password Reset

Office 365 global administrators can enable self-service password reset for their organization. Unfortunately, if your organization is syncing users from your on-premise Active Directory, you will have to purchase a paid subscription to Azure AD Premium. Azure AD Premium is not required for cloud-only users, and there is no additional cost.

How to Enable Self-Service Password Reset for your Organization

Self-service password reset has several advantages. First, it reduces the number of help desk tickets your IT staff will receive because users become more self-sufficient. Second, while a user is waiting for IT to reset their password, they may be unable to complete their duties, which decreases productivity. Finally, most people prefer being self-sufficient.

Before you can start using self-service password reset, a global admin will need to enable it for your Office 365 tenant:

1. Log on to https://aad.portal.azure.com

2. Click Azure Active Directory in the left navigation pane.

3. Click Password Reset in the secondary navigation pane.

4. Click All then click Save.

Adding Contact Information per User

Once self-service password reset is enabled across your organization, users will need to provide Microsoft with additional contact information. After a user logs on to https://portal.office.com, they will be prompted to add and verify a phone number as well as an email address.

Below is a pre-written email you can send to your users to inform them of the change.

Hello, we have enabled self-service password reset for Office 365. Before you can reset your password, you’ll need to provide an additional email and mobile phone. Your contact information will be kept secure and used for resetting your password.

To enable self-service password reset follow the instructions below:

1. Go to https://portal.office.com/ and log on with your Office 365 credentials.

2. When prompted for “More information required” click Next.

3. Click Set it up now next to Authentication Phone.

4. Select your country, type your mobile phone number, then click text me.

5. Wait for the text message then enter the verification number in the provided text box. Click Verify.

6. Perform steps 3–5 for your email address.

7. Once your phone number and email address are verified click Finish.

Once you’ve completed the configuration you can reset your password by going to https://passwordreset.microsoftonline.com/

Memos and emails are often missed by all of us. Train your IT staff to help the user configure self-service password reset every time they receive a password reset ticket.

Reporting on Users who Configured Password Reset

An Office 365 admin can review Azure AD’s audit logs to verify users are adding contact information and enabling self-service password reset.

1. Log on to https://aad.portal.azure.com

2. Click Azure Active Directory in the left navigation pane.

3. Click Audit Logs in the secondary navigation pane.

4. In the Activity filter type User completed security info registration for self-service password reset.

5. Click Apply.

From the audit log, you will have a complete list of everyone who completed the self-service password reset registration. You can download and export the data for easier management.
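Once the log is exported, the useful question is usually who has not registered yet. The following is an added example, not part of the original article: it compares an exported audit log against a list of expected users. The sample rows, the user list, the function name Get-SsprRegistrationStatus and the CSV column names (Date, Activity, Result, Target) are constructed assumptions; adjust the column names to match the file you download.

```powershell
# Constructed sample export; column names are assumptions, not the real export schema.
$auditCsv = @'
Date,Activity,Result,Target
2024-03-04T09:12:00Z,User completed security info registration for self-service password reset,success,alice@contoso.example
2024-03-04T10:40:00Z,Other activity (constructed),success,alice@contoso.example
2024-03-05T08:03:00Z,User completed security info registration for self-service password reset,failure,bob@contoso.example
2024-03-06T14:27:00Z,User completed security info registration for self-service password reset,success,Carol@contoso.example
'@

# Constructed list of accounts that are expected to register.
$expectedUsers = 'alice@contoso.example', 'bob@contoso.example',
                 'carol@contoso.example', 'dave@contoso.example'

function Get-SsprRegistrationStatus {
    param(
        [Parameter(Mandatory = $true)][object[]]$AuditRows,
        [Parameter(Mandatory = $true)][string[]]$Users
    )
    $activity  = 'User completed security info registration for self-service password reset'
    $firstSeen = @{}   # lower-cased UPN -> earliest successful registration (UTC)
    foreach ($row in $AuditRows) {
        # Ignore other activities and registrations that did not succeed
        if ($row.Activity -ne $activity -or $row.Result -ne 'success') { continue }
        $upn  = $row.Target.Trim().ToLowerInvariant()
        $when = [datetime]::Parse($row.Date, [cultureinfo]::InvariantCulture,
                                  [System.Globalization.DateTimeStyles]::AdjustToUniversal)
        if (-not $firstSeen.ContainsKey($upn) -or $when -lt $firstSeen[$upn]) {
            $firstSeen[$upn] = $when
        }
    }
    # One row per expected user, including those with no registration event
    foreach ($user in $Users) {
        $key = $user.Trim().ToLowerInvariant()
        [pscustomobject]@{
            User         = $user
            Registered   = $firstSeen.ContainsKey($key)
            RegisteredOn = $firstSeen[$key]
        }
    }
}

$rows = $auditCsv | ConvertFrom-Csv
Get-SsprRegistrationStatus -AuditRows $rows -Users $expectedUsers |
    Sort-Object Registered, User | Format-Table -AutoSize
```

With the sample data, bob and dave are listed as not registered: bob's only event failed and dave has no event at all.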

How Administrators can Reset a User’s Password

Administrators can reset a password on behalf of the user.

If you’re syncing the user from on-premise Active Directory, an administrator can open Active Directory Users and Computers and perform a standard password reset. AD Connect syncs passwords every 2 minutes, but there may be additional delays depending on your Active Directory’s site configuration.

If the user is not being synced from on-premise Active Directory, an admin can log in to https://admin.microsoft.com > Users > Active Users > find and select the user > Click Reset Password.

Password Reset PowerShell Script

If your IT staff is comfortable with PowerShell, you can run the script below to quickly reset passwords.

Param(
    [Parameter(Mandatory=$True, Position=1)]
    [string]$AdminUsername,
    [Parameter(Mandatory=$True, Position=2)]
    [string]$AdminPassword,
    [Parameter(Mandatory=$True, Position=3)]
    [string]$User,
    [switch]$ForceChangePassword
)

# Build a credential object from the supplied admin username and plain-text password
Write-Host "Connecting to Office 365" -ForegroundColor Cyan
$encryptedPassword = ConvertTo-SecureString -AsPlainText -Force -String $AdminPassword
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $AdminUsername, $encryptedPassword
Connect-MsolService -Credential $cred -WarningAction SilentlyContinue -InformationAction SilentlyContinue

# Generate a random 10-character password and set it on the account;
# Set-MsolUserPassword returns the password that was set
Write-Host "Resetting $User's Password to" -ForegroundColor Cyan
$Assembly = Add-Type -AssemblyName System.Web
$NewPassword = [System.Web.Security.Membership]::GeneratePassword(10,0)
Set-MsolUserPassword -UserPrincipalName $User -NewPassword $NewPassword -ForceChangePassword $ForceChangePassword.IsPresent

The script has 4 parameters. The first and second are the administrator's username and password, which are required to authenticate to Office 365. The third parameter is the user's primary email address. The fourth parameter is optional and can be used if you want to require the user to reset the password after their first login.
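Because the script above takes the administrator's password as a plain-text parameter, that password is typed on the command line every time the script runs. The variant below is an added example, not the original script: it prompts for the admin credential with Get-Credential and builds the temporary password from a cryptographic random number generator. It assumes the same MSOnline module; New-RandomPassword is a hypothetical helper defined in the block.

```powershell
Param(
    [Parameter(Mandatory = $true, Position = 1)]
    [string]$User,
    [switch]$ForceChangePassword
)

function New-RandomPassword {
    # Hypothetical helper: random password drawn from a cryptographic RNG.
    param([int]$Length = 16)
    $alphabet = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!#%+=?'
    # Bytes at or above this limit are discarded so every character is equally likely
    $limit = 256 - (256 % $alphabet.Length)
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $byte  = New-Object byte[] 1
    try {
        do {
            $chars = New-Object System.Text.StringBuilder
            while ($chars.Length -lt $Length) {
                $rng.GetBytes($byte)
                if ($byte[0] -lt $limit) {
                    [void]$chars.Append($alphabet[$byte[0] % $alphabet.Length])
                }
            }
            $password = $chars.ToString()
            # Retry until lower case, upper case and a digit are all present
        } until ($password -cmatch '[a-z]' -and $password -cmatch '[A-Z]' -and $password -match '\d')
    }
    finally { $rng.Dispose() }
    return $password
}

# Prompt for the admin credential instead of accepting it as a script argument
$cred = Get-Credential -Message 'Office 365 administrator account'
Connect-MsolService -Credential $cred

$newPassword = New-RandomPassword -Length 16
Set-MsolUserPassword -UserPrincipalName $User -NewPassword $newPassword `
    -ForceChangePassword $ForceChangePassword.IsPresent | Out-Null
Write-Host "Temporary password for ${User}: $newPassword" -ForegroundColor Cyan
```

The temporary password is still printed to the console so it can be passed to the user; running with -ForceChangePassword limits how long it stays valid.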