Multi-factor authentication prompts users to confirm their identity via a means other than their account's password. The number of methods used is configurable (either 1 or 2), and the methods customisable from:
- Secondary email
- Mobile phone (phone call or SMS)
- Mobile authenticator app
Self-service password resets
Self-service password resets are a feature of Azure AD P1, allowing users to:
- Change their own passwords, e.g. because of an upcoming expiry.
- Recover their lost/forgotten passwords.
- Unlock their own accounts after lockout due to failed login attempts.
Verification of account ownership can take place via MFA, an OAuth token (preview) and/or account security questions.