Self-Service Password Reset with Azure AD Premium

By Aaron Saposnik | March 03, 2017

In our last blog, we introduced the 5 products of Enterprise Mobility + Security. Today, we'll dive deeper into the first product, Azure Active Directory Premium, by looking at one of its most commonly deployed features:

Self-service Password Reset

Expired or forgotten passwords are one of the more common (and more frustrating) side effects of network security. Whether it is the user who can’t work because they can’t access their system or the IT staff member who has to drop everything to help them, password resets can take up a lot of time and lead to a large expense for an organization. With EMS, there is a solution in Azure AD Premium and Self-service Password Reset with Writeback.

How does it work?

Self-service Password Reset uses the native password reset functionality of Office 365 to allow users to update their passwords without knowing or requiring their old password. Security is enforced using multi-factor authentication: users must validate themselves using a pre-configured phone number or email address. For sensitive user accounts, such as admin accounts, multiple verifications can be required for additional security. Once users verify their identity, they are allowed to assign a new password without knowing their old one.

But how does this help with my on-premises Active Directory and devices?

This is where the benefit of Writeback comes in. Azure AD Premium allows for Office 365 to take the new password and, via the AD Connect agent, write the password back to your on-premises Active Directory. As an added bonus, password reset will make sure that any new password selected will both meet your existing password requirements for your Active Directory and will not be too common. If an invalid password is entered, the user will be prompted to try again until an acceptable password has been selected. Once the password is reset, a user can immediately get back to work on any Active Directory or Office 365 integrated system using their new password – no IT intervention required.

This solution is safe and secure due to the use of multi-factor authentication, but MFA security is not limited to just password resets. In our next blog, we will be discussing how multi-factor authentication can be extended to many of your other cloud and on-premises applications and devices.