Can users reset their own passwords?

Yes, if Self-Service Password Reset (SSPR) is enabled in your Microsoft Entra ID tenant. Admins can configure SSPR under Protection > Password reset in the Entra Admin Center. Users must register their authentication methods before the feature becomes available to them.

Does a password reset require MFA?

It depends on your Conditional Access policies. If MFA is enforced on sign-in, the user will be prompted to complete MFA after using their temporary password. Admins performing the reset on behalf of a user are not exempt from their own MFA requirements.

How long do temporary passwords last?

By default, temporary passwords must be changed on the user's first login. They do not have a separate expiry window — the account will prompt for an immediate password change as soon as the user signs in with the temporary credential.

How to Reset a Microsoft 365 User Password

Published onApril 2, 2026

AuthorRoma Chawla

How to Reset a Microsoft 365 User Password

Need to reset a Microsoft 365 user password? This step-by-step guide covers the full process via the Admin Centre — including temporary passwords, forced sign-out, and common errors that catch people out.

Resetting a Microsoft 365 user password is one of the most common admin tasks — but doing it correctly, securely, and in a way that doesn't leave accounts exposed is what separates a well-run M365 environment from a patchy one. This guide walks you through the process step by step.

How to Reset a Microsoft 365 User Password (Admin Guide)

Someone's locked out of their account — maybe they've forgotten their password, it expired, or they've just come back from leave. Whatever the reason, resetting a Microsoft 365 user password takes about two minutes once you know where to go.

Everything happens in the Microsoft 365 Admin Centre. You don't need third‑party tools or access to the user's device — just the right admin role and this guide.

We'll walk through the full reset process, what to do when things don't go as expected, and the one step most people skip that causes avoidable headaches later.

Before You Start

Make sure you have the following in place:

Admin role: At least User Administrator or Global Administrator in Microsoft 365
Admin Centre access: Sign in at https://admin.microsoft.com
User details: Their display name or email address so you can find them quickly
User on standby (if possible): It’s smoother when they’re ready to sign in immediately after the reset

How to Reset a Microsoft 365 User Password

Step 1 — Sign In to the Microsoft 365 Admin Centre

Go to https://admin.microsoft.com.
Sign in with an account that has User Administrator or Global Administrator permissions.

Regular user accounts cannot reset other users’ passwords.

Step 2 — Go to Active Users

In the left‑hand navigation, select Users → Active users.
Use the search bar at the top to find the user by name or email.

Step 3 — Open the Reset Password Panel

You have two ways to start a reset:

From the user profile:

Click the user’s name.
In the panel that opens on the right, select Reset password at the top.

From the list view:

Tick the checkbox next to the user’s name.
Choose Reset password from the action menu at the top.

Step 4 — Set the New Password

In the reset panel, choose how the new password is created:

Auto‑generate password: Microsoft creates a strong temporary password (recommended in most cases).
Let me create the password: Manually set a password if your organisation has specific requirements.

Pay attention to these two checkboxes:

Require this user to change their password when they first sign in — always tick this.
Ensures the user sets their own secret password.
Keeps your security posture clean and auditable.
Send password in email — optionally send the new password to another email address you specify.
Useful if the user can’t receive email on their locked‑out account.
Use carefully and only to a trusted destination.

Step 5 — Confirm and Share the Password

Click Reset password to complete the change.
Microsoft 365 will show the temporary password on screen.

Copy it immediately or use the email option.
Once you close the panel, you cannot retrieve an auto‑generated password again.

Share the temporary password with the user via a secure channel:

Direct message (in a different system),
Phone call,
In person.

Avoid sending the password to the same mailbox the user is locked out of — it won’t help and is easy to overlook in the moment.

Pro Tip from the Tech Desk

Reset complete but the user still gets sign‑in errors? The most common cause is cached credentials, especially on Windows:

Ask them to fully sign out of Microsoft 365 and their device if possible.
Clear saved passwords from their browser and Windows Credential Manager.
Then have them sign in again with the new password.

This resolves most “it still doesn’t work” cases after a reset.

How to Confirm the Reset Worked

After the user signs in with the temporary password and sets a new one, confirm:

They can access key Microsoft 365 apps:
Outlook, Teams, SharePoint, and any other licensed services.
Their account status is Active in the Admin Centre (no warnings or error flags).
If MFA (multi‑factor authentication) is enabled, they’re prompted to complete it on sign‑in.
There are no sign‑in errors in Microsoft Entra ID logs:
Go to Users → Sign‑in logs in the Admin Centre and review recent attempts.

Security Note — Forced Sign‑Out (Revoke Sessions)

A password reset does not automatically sign the user out of existing sessions. Devices and browsers where they’re already signed in may stay active.

If you’re resetting a password due to suspected compromise (not just a forgotten password), you should also revoke all active sessions.

To force sign‑out:

Go to Users → Active users.
Open the affected user’s profile.
Click the three‑dot (⋯) menu.
Select Revoke sign‑in sessions.

This immediately signs the user out of all devices and browsers. Combined with the password reset, it closes the door on any unauthorised access.

If you see repeated unexpected sign‑ins, failed attempts from unfamiliar locations, or other suspicious activity, your Microsoft 365 tenant likely needs a deeper security review.

Our Microsoft 365 Security Assessment focuses on:

Identity risks and misconfigurations
Access anomalies and risky sign‑ins
Secure Score review and hardening recommendations

Frequently Asked Questions

What permissions do I need to reset a Microsoft 365 user password?

You need at least the User Administrator role in Microsoft 365. Global Administrators can also reset passwords.

Standard user accounts cannot reset other users’ passwords. If you’re unsure what role you have:

Go to Users → Active users.
Open your own account.
Check the Roles section.

What should I do if the password reset isn’t working?

Work through these checks:

Confirm the reset was saved

Make sure you actually clicked Reset password and saw the confirmation.

Check cached credentials

Ask the user to:

Sign out of Microsoft 365 and their device.
Clear saved passwords in their browser and Windows Credential Manager.
Try signing in again.

Verify account status

In Active users, confirm the account is Active and not blocked or disabled.

Review Conditional Access policies

If you use Conditional Access, ensure there’s no policy blocking the user’s sign‑in (e.g. location, device, or risk‑based rules).

Check MFA

If MFA is enabled, the user must complete MFA successfully after the reset. Problems with their MFA method can look like password issues.

How is resetting a password in Microsoft 365 different from traditional IT support?

In traditional on‑premises environments, password resets often meant:

Calling a helpdesk,
Waiting for a ticket to be actioned,
Sometimes a technician remoting into the user’s machine.

With Microsoft 365:

Admins can reset passwords instantly from anywhere via the Admin Centre.
No physical access to the device is required.
Downtime is usually limited to the few minutes it takes to sign back in.

It’s one of the key advantages of a cloud‑first environment.

Can the user reset their own password without admin help?

Yes — if Self‑Service Password Reset (SSPR) is enabled in Microsoft Entra ID.

With SSPR configured, users can reset their own passwords directly from the sign‑in screen after verifying their identity (e.g. via phone, email, or app).

Notes:

SSPR is not enabled by default.
Enabling it can significantly reduce password‑related support tickets.

Does resetting the password log the user out of all their devices?

No. A password reset on its own does not terminate active sessions.

The user may still be signed in on devices or browsers where their old credentials are cached.

To force a full sign‑out, you must separately use Revoke sign‑in sessions from the user’s profile in Active users.

Need Help Managing Your Microsoft 365 Environment?

Password resets are one of the most common admin tasks in any Microsoft 365 tenant — but they’re also a signal.

If your team is regularly dealing with:

Account lockouts,
Forgotten credentials,
Repeated access issues,

it’s worth reviewing:

Whether Self‑Service Password Reset (SSPR) is configured,
Whether your MFA rollout is complete and enforced,
Whether your identity and access settings match current best practice.

Technowand provides Microsoft 365 Managed Services for Australian businesses — from day‑to‑day user administration through to security hardening and licence management.

Contact our Canberra team:

Phone: 1300 176 453
Email: hi@technowand.com.au
Office: WOTSO WorkSpace, 490 Northbourne Ave, Dickson ACT 2603

Disclaimer: Information in this article is for general awareness only. Technowand’s recommendations are based on Microsoft’s published documentation and internal best practice. Results may vary depending on your tenant configuration. For a tailored review, contact our team.