One of my customers is currently running an Office 365 pilot using a trial E3 tenant. When Microsoft announced that self-service password reset is to be made available to cloud-based Office 365 users without the need for a separate Azure AD basic or premium subscription it sounded great to us as the requirement for users to reset their own passwords was one of the challenges we faced. Unfortunately it’s not quite so simple – or at least not if you are not using a paid product (for example if you’re on an Office 365 trial).
Just to be clear, self-service password reset is still available for Global Administrators in Office 365 – it has been as long as I’ve been working with the product – I’m talking here about “normal” users. In the Office 365 Admin Center, listed under Service Settings, Passwords is a section titled “let your people reset their own passwords” – but the feature is not actually controlled from within the Office 365 Admin Center – it redirects to the Azure AD Admin Center:
In my own tenant, that led to a simple sign-up for a $0 Azure subscription following which I can see my directory (remember Office 365 uses Azure AD for authentication), complete with all the domains and settings I configured via the Office 365 Admin Center over the years. Dig a little deeper and in the configure screen is the ability to customise branding and to set the user password reset policy:
After enabling self-service password reset there are more options to control the experience (for example the available authentication methods) and a link to allow users to set up their details. Unfortunately, none of this is available with a trial tenant and, when I tried to configure it, setting up an Azure subscription failed at the mobile verification stage and a service request raised with Microsoft Office 365 support confirmed that this is by design.