The information provided in this article does not constitute legal or financial advice and is for general informational purposes only. Please check with an attorney or financial advisor to obtain advice with respect to the content of this article.

How to Reset Microsoft Entra (Active Directory) Passwords & MFA

Microsoft Entra (formerly known as Microsoft Active Directory) is a popular identity and access management (IAM) tool. Entra combines user directory and identity management services and is seamlessly integrated into other Microsoft products like Microsoft 365 and Microsoft Azure.

Microsoft Entra’s password reset and multi-factor authentication (MFA) reset options are limited. To reset their Microsoft Entra passwords, users must contact their IT administrator. Although Entra does have a self-service password reset (SSPR) tool, it’s complex to set up and uses insecure authentication factors which leave Entra accounts vulnerable to takeover. Also, Entra doesn’t have any self-service MFA reset options, which means users are forced to contact IT who have to reset each user’s MFA by hand.

Thankfully, Nametag has introduced a secure self-service account recovery (SSAR) solution for Entra password and MFA resets. Read on to learn more about how Nametag Autopilot works with Microsoft Entra

How to Reset a Microsoft Entra Password with Default Options

In order to reset your own Microsoft Entra password, an IT administrator must set up self-service password resets. Otherwise, an IT agent with “Password Administrator” privileges must manually reset your password by hand. Contact your IT department if you’re not sure whether self-service password reset has been enabled.

Microsoft Entra User Password Reset Admin View
Microsoft Entra User Password Reset Admin View - from Microsoft

How to Reset Microsoft Entra MFA

Microsoft Entra does not offer self-service MFA resets. To reset your Microsoft Entra MFA, you'll need to contact your IT administrator.

To enable self-service password reset (SSPR) in Microsoft Entra, an admin user must enable SSPR for a chosen group of Microsoft Entra users, set up authentication methods and registration options, and then test the system. Microsoft has an in-depth tutorial to help you do this. But before you do, be aware that the native Microsoft solution has major drawbacks.

First, the user authentication methods currently offered by Microsoft Entra are highly insecure and can be extremely frustrating for users, forcing them to create helpdesk tickets that defeat the purpose of a self-service option:

  • Mobile app notifications and mobile app codes can be exploited by push fatigue attacks and phishing, while users who lose or upgrade their phone can’t access their mobile app.
  • Email verification is vulnerable to phishing and credential stuffing attacks on personal email accounts, and requires users to switch over to another device to access their personal email.
  • Mobile phone verification is vulnerable to phishing, interception, and SIM swap attacks. Also, text messages sometimes just never arrive, forcing users to contact IT for help where they’ll need to be verified.

Secondly, if a user needs to reset their multi-factor authentication (MFA), they’ll have no choice but to contact your helpdesk. And when they do, how will you verify that they’re not an imposter?

A common solution to these problems is to implement Nametag Autopilot, the first secure solution for Microsoft Entra self-service account recovery (SSAR). 

Self-Service Entra Password & MFA Resets

Nametag perfectly compliments Microsoft Entra by enabling employees to securely reset their Entra passwords and MFA devices entirely on their own. Here’s how to reset a Microsoft Entra password or Entra MFA with Nametag.

  1. Navigate to your company’s Nametag account recovery microsite.
    Enter your work email address and then scan the QR code with your smartphone. This will launch the Nametag experience on your device.
  1. Follow the instructions to verify your identity with Nametag. 
    Scan the front and back of your government-issued ID document. You can use a driver’s license, passport, or any of 11,000 other forms of government-issued photo ID.
  1. Take a selfie.
  1. Wait for Nametag to verify your identity, then hit “Close”.
  1. Return to your microsite. You will now have the option to reset your Microsoft Entra MFA or password.
  1. Click “Reset multi-factor authentication” or “Reset your password” for Microsoft Entra, then follow the instructions to reset your password or MFA.

Nametag integrates with Microsoft Entra to close a critical security and experience gap: the Entra recovery process. Organizations using Nametag save up to 30% of their helpdesk costs by deflecting MFA resets to self-service, while protecting employee accounts from takeovers.

Watch a demo of self-service account recovery with Nametag Autopilot, then get in touch to start automating your Microsoft Entra password and MFA resets.

Looking to fix your fraud problem?

Learn how you can use Nametag to quickly verify anyone's identity, simply by typing in their phone number or copy/pasting a link.