How to allow users to change their own password in Microsoft 365

To allow users to change their own password in Microsoft 365, you need to enable self-service password reset (SSPR) in Azure Active Directory (Azure AD). Here’s how to set it up:

---

Steps to Allow Users to Change Their Own Passwords

1. Access the Azure AD Admin Center

• Go to the Azure AD Admin Center.
• Sign in with your Global Administrator or Privileged Role Administrator account.

2. Navigate to Password Reset Settings

• In the left-hand menu, click “Azure Active Directory”.
• Under “Manage”, select “Password reset”.

3. Enable Self-Service Password Reset (SSPR)

• Under the “Properties” tab:
  • Set “Self-service password reset enabled” to one of the following:
    • Selected: This allows SSPR for specific groups only. Add the desired group(s) under “Users.”
    • All: This allows SSPR for all users in your organization.
• Click “Save”.

4. Configure Authentication Methods for SSPR

• Go to the “Authentication methods” tab:
  • Set the number of authentication methods required to reset passwords (e.g., 1 or 2).
  • Choose methods for verification:
    • Mobile app (Authenticator)
    • Email
    • Mobile phone (SMS)
    • Security questions
• Click “Save”.

5. Test SSPR

• Log in as a user and try to reset the password via the password reset page.
• Ensure the setup works as intended and users can reset their passwords.

6. Notify Users

• Inform users that they can reset their password via the password reset page or change it within their account settings.

---

Important Notes:

• Users must register their authentication methods (e.g., phone number, email) before using self-service password reset. You can prompt them to do this by setting up Security Info Registration in Azure AD.
• If your organization uses Hybrid Azure AD, ensure password writeback is enabled so changes sync back to your on-premises Active Directory.

Let me know if you need help with any specific step!