Multi-factor authentication prompts users to confirm their identity via a means other than their account's password. The number of methods used is configurable (either 1 or 2), and the methods customisable from:

  • Secondary email
  • Mobile phone (phone call or SMS)
  • Mobile authenticator app

Self-service password resets

Self-service password resets are a feature of Azure AD P1, allowing users to:

  • Change their own passwords, e.g. because of an upcoming expiry.
  • Recover their lost/forgotten passwords.
  • Unlock their own accounts after lockout due to failed login attempts.

Verification of account ownership can take place via MFA, an OAuth token (preview) and/or account security questions.